Thanks Peter for a quick reply. Yes we have a connection with reciving server, in wireshark I can see that vi get three ack:s on establishment. As I understand it, on third Ack the TLS is supposed to be sent, but instead my Stunnel halts on 10 sek. And there I stand..... The reciving server is not reply to non-crypted communication. //Janne
-----Ursprungligt meddelande----- Från: Peter Pentchev roam@ringlet.net Skickat: den 13 mars 2020 11:44 Till: Jan Falk jan.falk@sll.se Kopia: stunnel-users@stunnel.org Ämne: Re: [stunnel-users] S-tunnel will not send TLS
On Fri, Mar 13, 2020 at 09:42:27AM +0000, Jan Falk wrote:
Hi. Can someone tell me why Stunnel stops at wating 10s? Log:
2020.03.12 09:43:36 LOG6[main]: Initializing service [x3_x4_DICOM_BFT_client]
[snip]
2020.03.12 09:44:37 LOG7[0]: Service [x3_x4_HL7_BFT_client] started 2020.03.12 09:44:37 LOG7[0]: Setting local socket options (FD=508) 2020.03.12 09:44:37 LOG7[0]: Option TCP_NODELAY set on local socket 2020.03.12 09:44:37 LOG5[0]: Service [x3_x4_HL7_BFT_client] accepted connection from 127.0.0.1:50299 2020.03.12 09:44:37 LOG6[0]: s_connect: connecting 10.67.6.106:6161 2020.03.12 09:44:37 LOG7[0]: s_connect: s_poll_wait 10.67.6.106:6161: waiting 10 seconds
Have you made sure that there is something listening on port 6161 of the 10.67.6.106 host and that the host that stunnel is running on can establish a connection to it? No firewalls, no routing problems or anything like that?
What happens if you run - on the host that stunnel runs on - this:
nc -v -z 10.67.6.106 6161
...and also, if stunnel is supposed to establish a secure connection to that host (that is, if stunnel is working in client mode):
openssl s_client -connect 10.67.6.106:6161
The first command should exit immediately and tell you that a TCP connection was established successfully; the second one should also try to negotiate a TLS connection and show you what the server on the other side tells you after the connection has been established.
G'luck, Peter
-- Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13