I am attempting to use stunnel to encrypt traffic between our backup client (Windows 2008 R2) and our NetApp filer, but I'm not having any luck.
We would like to use stunnel to redirect the port 80 calls to the filer (ubfs2.buffalo.edu) to port 443.
By design, the backup client (IBM Tivoli/TSM V6.2.4) makes a call to the NetApp over the http.admin interface to tell it to create a snapshot.
The filer listens on https.admin (not http.admin), and we don't want to turn on http.admin for security reasons.
I've included the stunnel.config file, hosts file, and the output below.
If anyone could give us a hand here it would be much appreciated.
We tested this config on a Mac laptop and it works just fine, so I would assume that it has something to do with Windows 2008 R2.

debug = 7
client = yes
[snapdiff]
accept = localhost:80
connect = 128.205.5.55:443
sslVersion = all

127.0.0.1 localhost ubfs2.buffalo.edu

7[1596:4336]: No limit detected for the number of clients
2012.01.27 15:16:30 LOG5[1596:4336]: stunnel 4.52 on x86-pc-mingw32-gnu platform
2012.01.27 15:16:30 LOG5[1596:4336]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.27 15:16:30 LOG5[1596:4336]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6
2012.01.27 15:16:30 LOG5[1596:4336]: Reading configuration from file stunnel.conf
2012.01.27 15:16:30 LOG5[1596:4336]: FIPS mode is enabled
2012.01.27 15:16:30 LOG7[1596:4336]: Compression not enabled
2012.01.27 15:16:30 LOG7[1596:4336]: Snagged 64 random bytes from C:/.rnd
2012.01.27 15:16:30 LOG7[1596:4336]: Wrote 1024 new random bytes to C:/.rnd
2012.01.27 15:16:30 LOG7[1596:4336]: PRNG seeded successfully
2012.01.27 15:16:31 LOG6[1596:4336]: Initializing SSL context for service snapdiff
2012.01.27 15:16:31 LOG7[1596:4336]: SSL options set: 0x00000004
2012.01.27 15:16:31 LOG6[1596:4336]: SSL context initialized
2012.01.27 15:16:31 LOG5[1596:4336]: Configuration successful
2012.01.27 15:16:31 LOG7[1596:4336]: Service snapdiff bound FD=396 to 127.0.0.1:80
2012.01.27 15:16:40 LOG7[1596:4336]: Service snapdiff accepted FD=452 from 127.0.0.1:51366
2012.01.27 15:16:40 LOG7[1596:4336]: Creating a new thread
2012.01.27 15:16:40 LOG7[1596:4336]: New thread created
2012.01.27 15:16:40 LOG7[1596:4336]: Service snapdiff accepted FD=460 from 127.0.0.1:51367
2012.01.27 15:16:40 LOG7[1596:4336]: Creating a new thread
2012.01.27 15:16:40 LOG7[1596:4336]: New thread created
2012.01.27 15:16:40 LOG7[1596:5080]: Service snapdiff started
2012.01.27 15:16:40 LOG5[1596:5080]: Service snapdiff accepted connection from 127.0.0.1:51366
2012.01.27 15:16:40 LOG6[1596:5080]: connect_blocking: connecting 128.205.5.55:443
2012.01.27 15:16:40 LOG7[1596:5080]: connect_blocking: s_poll_wait 128.205.5.55:443: waiting 10 seconds
2012.01.27 15:16:40 LOG7[1596:4720]: Service snapdiff started
2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff accepted connection from 127.0.0.1:51367
2012.01.27 15:16:40 LOG6[1596:4720]: connect_blocking: connecting 128.205.5.55:443
2012.01.27 15:16:40 LOG7[1596:4720]: connect_blocking: s_poll_wait 128.205.5.55:443: waiting 10 seconds
2012.01.27 15:16:40 LOG5[1596:4720]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff connected remote server from 128.205.4.234:51369
2012.01.27 15:16:40 LOG7[1596:4720]: Remote FD=508 initialized
2012.01.27 15:16:40 LOG3[1596:4720]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:40 LOG5[1596:4720]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.01.27 15:16:40 LOG7[1596:4720]: Service snapdiff finished (1 left)
2012.01.27 15:16:43 LOG5[1596:5080]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:43 LOG5[1596:5080]: Service snapdiff connected remote server from 128.205.4.234:51368
2012.01.27 15:16:43 LOG7[1596:5080]: Remote FD=480 initialized
2012.01.27 15:16:43 LOG3[1596:5080]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:43 LOG5[1596:5080]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.01.27 15:16:43 LOG7[1596:5080]: Service snapdiff finished (0 left)