Dear all, I am trying to connect via stunnel to O365 OWA.
Configuration file is below:

; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2022
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options

; **************************************************************************
; * Global options                                                         *
; **************************************************************************

; Debugging stuff (may be useful for troubleshooting)
debug = 7
output = stunnel.log

; Enable FIPS 140-2 mode if needed for compliance
;fips = yes

; Microsoft CryptoAPI engine allows for authentication with private keys
; stored in the Windows certificate store
; Each section using this feature also needs the "engineId = capi" option
engine = capi
; You also need to disable TLS 1.2 or later, because the CryptoAPI engine
; currently does not support PSS
;sslVersionMax = TLSv1.1
; TLSv1.1 requires security level 0 when compiled OpenSSL 3.0 and later
securityLevel = 0

; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; such as softhsm2-x64.dll or opensc-pkcs11.dll
; IMPORTANT: A 64-bit stunnel requires 64-bit PKCS#11 modules
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2-x64.dll
;engineCtrl = PIN:1234

; **************************************************************************
; * Service defaults may also be specified in individual service sections  *
; **************************************************************************

; Enable support for the insecure SSLv3 protocol
;options = -NO_SSLv3

; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE

; **************************************************************************
; * Include all configuration file fragments from the specified folder     *
; **************************************************************************

;include = conf.d

; **************************************************************************
; * Service definitions (at least one service has to be defined)           *
; **************************************************************************

; ***************************************** Example TLS client mode services

; Encrypted HTTP proxy authenticated with a client certificate
; located in the Windows certificate store
[O365]
client = yes
accept = 192.168.0.225:443
connect = outlook.office.com:443
engineId = capi

; Encrypted HTTP proxy authenticated with a client certificate
; located in a cryptographic token
;[example-pkcs11]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = pkcs11
;cert = pkcs11:token=MyToken;object=MyCert
;key = pkcs11:token=MyToken;object=MyKey

; ***************************************** Example TLS server mode services

;[pop3s]
;accept = 995
;connect = 110
;cert = stunnel.pem

;[imaps]
;accept = 993
;connect = 143
;cert = stunnel.pem

; Either only expose this service to trusted networks, or require
; authentication when relaying emails originated from loopback.
; Otherwise the following configuration creates an open relay.
;[ssmtp]
;accept = 465
;connect = 25
;cert = stunnel.pem

; TLS front-end to a web server
;[https]
;accept = 443
;connect = 80
;cert = stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0

; Remote cmd.exe protected with PSK-authenticated TLS
; Create "secrets.txt" containing IDENTITY:KEY pairs
;[cmd]
;accept = 1337
;exec = c:\windows\system32\cmd.exe
;execArgs = cmd.exe
;PSKsecrets = secrets.txt

; vim:ft=dosini

In the browser (Firefox) I get the below error:

Secure Connection Failed

An error occurred during a connection to 192.168.0.225. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Chrome says:

192.168.0.225 sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

Logs are below:

Found 1 ready file descriptor(s)
2022.06.09 15:46:32 LOG7[main]: FD=604 ifds=r-x ofds=r--
2022.06.09 15:46:32 LOG7[main]: FD=908 ifds=r-x ofds=---
2022.06.09 15:46:32 LOG7[main]: Dispatching a signal from the signal pipe
2022.06.09 15:46:32 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG
2022.06.09 15:46:33 LOG6[main]: Initializing inetd mode configuration
2022.06.09 15:46:33 LOG7[main]: Running on Windows 6.2
2022.06.09 15:46:33 LOG5[main]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf
2022.06.09 15:46:33 LOG5[main]: UTF-8 byte order mark detected
2022.06.09 15:46:33 LOG7[main]: Enabling support for engine "capi"
2022.06.09 15:46:33 LOG6[main]: UI not supported by engine #1 (capi)
2022.06.09 15:46:33 LOG7[main]: Initializing engine #1 (capi)
2022.06.09 15:46:33 LOG6[main]: Engine #1 (capi) initialized
2022.06.09 15:46:33 LOG5[main]: FIPS mode disabled
2022.06.09 15:46:33 LOG6[main]: Compression enabled: 0 methods
2022.06.09 15:46:33 LOG7[main]: No PRNG seeding was required
2022.06.09 15:46:33 LOG6[main]: Initializing service [O365]
2022.06.09 15:46:33 LOG6[main]: User-specified security level set: 0
2022.06.09 15:46:33 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2022.06.09 15:46:33 LOG7[main]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2022.06.09 15:46:33 LOG7[main]: TLS options: 0x2100000 (+0x0, -0x0)
2022.06.09 15:46:33 LOG6[main]: Session resumption enabled
2022.06.09 15:46:33 LOG6[main]: Client certificate engine (capi) enabled
2022.06.09 15:46:33 LOG7[main]: No certificate or private key specified
2022.06.09 15:46:33 LOG4[main]: Service [O365] needs authentication to prevent MITM attacks
2022.06.09 15:46:33 LOG6[main]: DH initialization skipped: client section
2022.06.09 15:46:33 LOG7[main]: ECDH initialization
2022.06.09 15:46:33 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2022.06.09 15:46:33 LOG5[main]: Configuration successful
2022.06.09 15:46:33 LOG7[main]: Unbinding service [O365]
2022.06.09 15:46:33 LOG7[main]: Service [O365] closed (FD=908)
2022.06.09 15:46:33 LOG7[main]: Service [O365] closed
2022.06.09 15:46:33 LOG7[main]: Deallocating deployed section defaults
2022.06.09 15:46:33 LOG7[main]: Deallocating section [O365]
2022.06.09 15:46:33 LOG5[main]: Logging to C:\Users\radc\AppData\Local\stunnel.log
2022.06.09 15:46:33 LOG7[main]: Binding service [O365]
2022.06.09 15:46:33 LOG7[main]: Listening file descriptor created (FD=1580)
2022.06.09 15:46:33 LOG7[main]: Setting accept socket options (FD=1580)
2022.06.09 15:46:33 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2022.06.09 15:46:33 LOG6[main]: Service [O365] (FD=1580) bound to 192.168.0.225:443
2022.06.09 15:47:19 LOG7[17]: Service [O365] started
2022.06.09 15:47:19 LOG7[17]: Setting local socket options (FD=1624)
2022.06.09 15:47:19 LOG7[main]: FD=604 ifds=r-x ofds=---
2022.06.09 15:47:19 LOG7[17]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:19 LOG5[17]: Service [O365] accepted connection from 192.168.0.200:55381
2022.06.09 15:47:19 LOG7[main]: FD=1580 ifds=r-x ofds=r--
2022.06.09 15:47:19 LOG6[17]: failover: priority, starting at entry #0
2022.06.09 15:47:19 LOG7[main]: Service [O365] accepted (FD=1608) from 192.168.0.200:55382
2022.06.09 15:47:19 LOG6[17]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:19 LOG7[main]: Creating a new thread
2022.06.09 15:47:19 LOG7[main]: New thread created
2022.06.09 15:47:19 LOG7[18]: Service [O365] started
2022.06.09 15:47:19 LOG7[18]: Setting local socket options (FD=1608)
2022.06.09 15:47:19 LOG7[18]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:19 LOG5[18]: Service [O365] accepted connection from 192.168.0.200:55382
2022.06.09 15:47:19 LOG6[18]: failover: priority, starting at entry #0
2022.06.09 15:47:19 LOG6[18]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:19 LOG7[17]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:19 LOG7[17]: FD=1596 ifds=rwx ofds=---
2022.06.09 15:47:19 LOG7[18]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:19 LOG7[18]: FD=1204 ifds=rwx ofds=---
2022.06.09 15:47:19 LOG5[17]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:19 LOG5[17]: Service [O365] connected remote server from 10.57.2.17:57847
2022.06.09 15:47:19 LOG7[17]: Setting remote socket options (FD=1596)
2022.06.09 15:47:19 LOG7[17]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:19 LOG7[17]: Remote descriptor (FD=1596) initialized
2022.06.09 15:47:19 LOG6[17]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:19 LOG6[17]: Peer certificate not required
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): before SSL initialization
2022.06.09 15:47:19 LOG7[17]: Initializing application specific data for session authenticated
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG5[18]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:19 LOG5[18]: Service [O365] connected remote server from 10.57.2.17:57848
2022.06.09 15:47:19 LOG7[18]: Setting remote socket options (FD=1204)
2022.06.09 15:47:19 LOG7[18]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:19 LOG7[18]: Remote descriptor (FD=1204) initialized
2022.06.09 15:47:19 LOG6[18]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:19 LOG6[18]: Peer certificate not required
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): before SSL initialization
2022.06.09 15:47:19 LOG7[18]: Initializing application specific data for session authenticated
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:19 LOG6[17]: Certificate verification disabled
2022.06.09 15:47:19 LOG6[17]: Certificate verification disabled
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:19 LOG7[17]: 2 client connect(s) requested
2022.06.09 15:47:19 LOG7[17]: 1 client connect(s) succeeded
2022.06.09 15:47:19 LOG7[17]: 0 client renegotiation(s) requested
2022.06.09 15:47:19 LOG7[17]: 0 session reuse(s)
2022.06.09 15:47:19 LOG6[17]: TLS connected: new session negotiated
2022.06.09 15:47:19 LOG6[17]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:19 LOG6[17]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:19 LOG7[17]: Compression: null, expansion: null
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:19 LOG6[18]: Certificate verification disabled
2022.06.09 15:47:19 LOG6[18]: Certificate verification disabled
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:19 LOG7[18]: 2 client connect(s) requested
2022.06.09 15:47:19 LOG7[18]: 2 client connect(s) succeeded
2022.06.09 15:47:19 LOG7[18]: 0 client renegotiation(s) requested
2022.06.09 15:47:19 LOG7[18]: 0 session reuse(s)
2022.06.09 15:47:19 LOG6[18]: TLS connected: new session negotiated
2022.06.09 15:47:19 LOG6[18]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:19 LOG6[18]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:19 LOG7[18]: Compression: null, expansion: null
2022.06.09 15:47:20 LOG7[17]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[17]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[17]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[17]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[17]: New session callback
2022.06.09 15:47:20 LOG7[17]: Peer certificate was cached (4822 bytes)
2022.06.09 15:47:20 LOG6[17]: Session id: 8C30BA078B16527A627B472B16BD94469EF8EF2C2B3DC4DE83C9E9DD0454AE89
2022.06.09 15:47:20 LOG7[17]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[17]: Remove session callback
2022.06.09 15:47:20 LOG7[17]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[17]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[17]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[17]: Remote descriptor (FD=1596) closed
2022.06.09 15:47:20 LOG7[17]: Local descriptor (FD=1624) closed
2022.06.09 15:47:20 LOG7[17]: Service [O365] finished (1 left)
2022.06.09 15:47:20 LOG7[main]: Found 1 ready file descriptor(s)
2022.06.09 15:47:20 LOG7[main]: FD=604 ifds=r-x ofds=---
2022.06.09 15:47:20 LOG7[main]: FD=1580 ifds=r-x ofds=r--
2022.06.09 15:47:20 LOG7[main]: Service [O365] accepted (FD=1132) from 192.168.0.200:55383
2022.06.09 15:47:20 LOG7[main]: Creating a new thread
2022.06.09 15:47:20 LOG7[main]: New thread created
2022.06.09 15:47:20 LOG7[19]: Service [O365] started
2022.06.09 15:47:20 LOG7[19]: Setting local socket options (FD=1132)
2022.06.09 15:47:20 LOG7[19]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:20 LOG5[19]: Service [O365] accepted connection from 192.168.0.200:55383
2022.06.09 15:47:20 LOG6[19]: failover: priority, starting at entry #0
2022.06.09 15:47:20 LOG6[19]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:20 LOG7[19]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:20 LOG7[19]: FD=848 ifds=rwx ofds=---
2022.06.09 15:47:20 LOG7[18]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[18]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[18]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[18]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[18]: New session callback
2022.06.09 15:47:20 LOG7[18]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG6[18]: Session id: 052BDBEAEF57DAF30820ADD1223A0C800EC7C7FBEFC8D6ECAAA50A67383A26F8
2022.06.09 15:47:20 LOG7[18]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[18]: Remove session callback
2022.06.09 15:47:20 LOG7[18]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[18]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[18]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[18]: Remote descriptor (FD=1204) closed
2022.06.09 15:47:20 LOG7[18]: Local descriptor (FD=1608) closed
2022.06.09 15:47:20 LOG7[18]: Service [O365] finished (1 left)
2022.06.09 15:47:20 LOG7[main]: Found 1 ready file descriptor(s)
2022.06.09 15:47:20 LOG7[main]: FD=604 ifds=r-x ofds=---
2022.06.09 15:47:20 LOG7[main]: FD=1580 ifds=r-x ofds=r--
2022.06.09 15:47:20 LOG7[main]: Service [O365] accepted (FD=844) from 192.168.0.200:55384
2022.06.09 15:47:20 LOG7[main]: Creating a new thread
2022.06.09 15:47:20 LOG7[main]: New thread created
2022.06.09 15:47:20 LOG7[20]: Service [O365] started
2022.06.09 15:47:20 LOG7[20]: Setting local socket options (FD=844)
2022.06.09 15:47:20 LOG7[20]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:20 LOG5[20]: Service [O365] accepted connection from 192.168.0.200:55384
2022.06.09 15:47:20 LOG6[20]: failover: priority, starting at entry #0
2022.06.09 15:47:20 LOG6[20]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:20 LOG7[20]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:20 LOG7[20]: FD=1120 ifds=rwx ofds=---
2022.06.09 15:47:20 LOG5[19]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:20 LOG5[19]: Service [O365] connected remote server from 10.57.2.17:57849
2022.06.09 15:47:20 LOG7[19]: Setting remote socket options (FD=848)
2022.06.09 15:47:20 LOG7[19]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:20 LOG7[19]: Remote descriptor (FD=848) initialized
2022.06.09 15:47:20 LOG6[19]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:20 LOG6[19]: Peer certificate not required
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): before SSL initialization
2022.06.09 15:47:20 LOG7[19]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG5[20]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:20 LOG5[20]: Service [O365] connected remote server from 10.57.2.17:57850
2022.06.09 15:47:20 LOG7[20]: Setting remote socket options (FD=1120)
2022.06.09 15:47:20 LOG7[20]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:20 LOG7[20]: Remote descriptor (FD=1120) initialized
2022.06.09 15:47:20 LOG6[20]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:20 LOG6[20]: Peer certificate not required
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): before SSL initialization
2022.06.09 15:47:20 LOG7[20]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:20 LOG6[19]: Certificate verification disabled
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:20 LOG6[19]: Certificate verification disabled
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:20 LOG7[19]: 4 client connect(s) requested
2022.06.09 15:47:20 LOG7[19]: 3 client connect(s) succeeded
2022.06.09 15:47:20 LOG7[19]: 0 client renegotiation(s) requested
2022.06.09 15:47:20 LOG7[19]: 0 session reuse(s)
2022.06.09 15:47:20 LOG6[19]: TLS connected: new session negotiated
2022.06.09 15:47:20 LOG6[19]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:20 LOG6[19]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:20 LOG7[19]: Compression: null, expansion: null
2022.06.09 15:47:20 LOG6[20]: Certificate verification disabled
2022.06.09 15:47:20 LOG6[20]: Certificate verification disabled
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:20 LOG7[20]: 4 client connect(s) requested
2022.06.09 15:47:20 LOG7[20]: 4 client connect(s) succeeded
2022.06.09 15:47:20 LOG7[20]: 0 client renegotiation(s) requested
2022.06.09 15:47:20 LOG7[20]: 0 session reuse(s)
2022.06.09 15:47:20 LOG6[20]: TLS connected: new session negotiated
2022.06.09 15:47:20 LOG6[20]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:20 LOG6[20]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:20 LOG7[20]: Compression: null, expansion: null
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[19]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[19]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[19]: New session callback
2022.06.09 15:47:20 LOG7[19]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG6[19]: Session id: 3E857D78696F2321EDEE2F622CDB1A050B70B915FB7A6DD37C5DE86EC311534F
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[19]: Remove session callback
2022.06.09 15:47:20 LOG7[19]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[19]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[19]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[19]: Remote descriptor (FD=848) closed
2022.06.09 15:47:20 LOG7[19]: Local descriptor (FD=1132) closed
2022.06.09 15:47:20 LOG7[19]: Service [O365] finished (1 left)
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[20]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[20]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[20]: New session callback
2022.06.09 15:47:20 LOG7[20]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG6[20]: Session id: E65F2E71C3EF8E156FA8FAEB5AD445887573D80ED9889F65524514A6ABC02D99
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[20]: Remove session callback
2022.06.09 15:47:20 LOG7[20]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[20]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[20]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[20]: Remote descriptor (FD=1120) closed
2022.06.09 15:47:20 LOG7[20]: Local descriptor (FD=844) closed
2022.06.09 15:47:20 LOG7[20]: Service [O365] finished (0 left)

Do you have any ideas?
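
The security-relevant entries in a debug-level stunnel log like the one above (the LOG4 authentication warning, "Certificate verification disabled", the fatal alert) are easy to lose among the LOG7 lines. The following script is an added example, not part of the original post and not stunnel's own tooling: it groups entries by connection thread and summarises each connection. The sample lines are a shortened excerpt constructed from the log above, and the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Shortened excerpt constructed from the log in the post above.
SAMPLE_LOG = """\
2022.06.09 15:46:33 LOG6[main]: User-specified security level set: 0
2022.06.09 15:46:33 LOG4[main]: Service [O365] needs authentication to prevent MITM attacks
2022.06.09 15:47:19 LOG5[17]: Service [O365] accepted connection from 192.168.0.200:55381
2022.06.09 15:47:19 LOG6[17]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:19 LOG6[17]: Peer certificate not required
2022.06.09 15:47:19 LOG6[17]: Certificate verification disabled
2022.06.09 15:47:19 LOG6[17]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:20 LOG7[17]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[17]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[17]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
"""

# An entry is "<timestamp> LOG<level>[<thread>]: <message>". The lookahead ends
# a message at the next timestamp, so a log whose line breaks were lost in
# transit (everything on one line) is split the same way.
_TS = r"\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d"
ENTRY = re.compile(rf"({_TS}) LOG(\d)\[(\w+)\]: (.*?)(?=\s*{_TS} LOG\d\[|\s*$)", re.S)

CLIENT = re.compile(r"accepted connection from (\S+)")
SNI = re.compile(r"^SNI: sending servername: (\S+)")
CIPHER = re.compile(r"^(TLSv[\d.]+|SSLv3) ciphersuite: (\S+)")
ALERT = re.compile(r"^TLS alert \((read|write)\): (.+)")
END = re.compile(r"^Connection (reset|closed): (\d+) byte\(s\) sent to TLS, "
                 r"(\d+) byte\(s\) sent to socket")


def parse_entries(text):
    """Yield (timestamp, level, thread, message) for each entry in text."""
    for m in ENTRY.finditer(text):
        ts, level, thread, msg = m.groups()
        yield ts, int(level), thread, " ".join(msg.split())


def triage(text):
    """Collect configuration warnings and a summary per connection thread."""
    warnings = []
    conns = defaultdict(lambda: {
        "client": None, "sni": None, "tls": None,
        "verification_disabled": False,
        "alerts": [], "errors": [], "end": None,
    })
    for _ts, level, thread, msg in parse_entries(text):
        if thread == "main":
            # Levels follow syslog: 4 is warning, 3 and below are errors.
            # "security level set: 0" is only logged at level 6, so match it
            # by text; OpenSSL security level 0 permits everything.
            if level <= 4 or msg.endswith("security level set: 0"):
                warnings.append(msg)
            continue
        conn = conns[thread]
        if level <= 3:
            conn["errors"].append(msg)
        if msg == "Certificate verification disabled":
            conn["verification_disabled"] = True
        elif m := CLIENT.search(msg):
            conn["client"] = m.group(1)
        elif m := SNI.match(msg):
            conn["sni"] = m.group(1)
        elif m := CIPHER.match(msg):
            conn["tls"] = (m.group(1), m.group(2))
        elif m := ALERT.match(msg):
            conn["alerts"].append((m.group(1), m.group(2)))
        elif m := END.match(msg):
            conn["end"] = (m.group(1), int(m.group(2)), int(m.group(3)))
    return {"warnings": warnings, "connections": dict(conns)}


def report(result):
    """Render the triage result as one text line per finding."""
    lines = [f"config warning: {w}" for w in result["warnings"]]
    for thread, c in result["connections"].items():
        cert = "unverified" if c["verification_disabled"] else "verification not disabled"
        lines.append(f"thread {thread}: {c['client']} -> {c['sni']}, tls={c['tls']}, "
                     f"peer certificate {cert}, end={c['end']}, "
                     f"alerts={c['alerts']}, errors={len(c['errors'])}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```
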
I would like to know if stunnel and Blat are still viable solutions for sending unauthenticated SMTP mail. If they are, then stunnel and Blat need to get their act together and provide some online technical support. There are too many of us slogging around in the mud not knowing what to do. For example, I would like to know if there are any SMTP mail servers online that have port 25 open. I have been unable to find any. If port 25 is no longer an option, then stunnel and Blat need to beef up their support for using authenticated ports. Come on guys, get your act together.

________________________________
From: raduci@gmail.com
Sent: Thursday, June 9, 2022 5:49 AM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] Connection to Outlook O365 owa
Dear all, I am trying to connect via stunnel to O365 OWA.
Configuration file is below: ; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2022 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options
; ************************************************************************** ; * Global options * ; **************************************************************************
; Debugging stuff (may be useful for troubleshooting) debug = 7 output = stunnel.log
; Enable FIPS 140-2 mode if needed for compliance ;fips = yes
; Microsoft CryptoAPI engine allows for authentication with private keys ; stored in the Windows certificate store ; Each section using this feature also needs the "engineId = capi" option engine = capi ; You also need to disable TLS 1.2 or later, because the CryptoAPI engine ; currently does not support PSS ;sslVersionMax = TLSv1.1 ; TLSv1.1 requires security level 0 when compiled OpenSSL 3.0 and later securityLevel = 0
; The pkcs11 engine allows for authentication with cryptographic ; keys isolated in a hardware or software token ; MODULE_PATH specifies the path to the pkcs11 module shared library, ; such as softhsm2-x64.dll or opensc-pkcs11.dll ; IMPORTANT: A 64-bit stunnel requires 64-bit PKCS#11 modules ; Each section using this feature also needs the "engineId = pkcs11" option ;engine = pkcs11 ;engineCtrl = MODULE_PATH:softhsm2-x64.dll ;engineCtrl = PIN:1234
; ************************************************************************** ; * Service defaults may also be specified in individual service sections * ; **************************************************************************
; Enable support for the insecure SSLv3 protocol ;options = -NO_SSLv3
; These options provide additional security at some performance degradation ;options = SINGLE_ECDH_USE ;options = SINGLE_DH_USE
; ************************************************************************** ; * Include all configuration file fragments from the specified folder * ; **************************************************************************
;include = conf.d
; ************************************************************************** ; * Service definitions (at least one service has to be defined) * ; **************************************************************************
; ***************************************** Example TLS client mode services
; Encrypted HTTP proxy authenticated with a client certificate ; located in the Windows certificate store [O365] client = yes accept = 192.168.0.225:443 connect = outlook.office.com:443 engineId = capi
; Encrypted HTTP proxy authenticated with a client certificate ; located in a cryptographic token ;[example-pkcs11] ;client = yes ;accept = 127.0.0.1:8080 ;connect = example.com:8443 ;engineId = pkcs11 ;cert = pkcs11:token=MyToken;object=MyCert ;key = pkcs11:token=MyToken;object=MyKey
; ***************************************** Example TLS server mode services
;[pop3s] ;accept = 995 ;connect = 110 ;cert = stunnel.pem
;[imaps] ;accept = 993 ;connect = 143 ;cert = stunnel.pem
; Either only expose this service to trusted networks, or require ; authentication when relaying emails originated from loopback. ; Otherwise the following configuration creates an open relay. ;[ssmtp] ;accept = 465 ;connect = 25 ;cert = stunnel.pem
; TLS front-end to a web server ;[https] ;accept = 443 ;connect = 80 ;cert = stunnel.pem ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel ; Microsoft implementations do not use TLS close-notify alert and thus they ; are vulnerable to truncation attacks ;TIMEOUTclose = 0
; Remote cmd.exe protected with PSK-authenticated TLS ; Create "secrets.txt" containing IDENTITY:KEY pairs ;[cmd] ;accept = 1337 ;exec = c:\windows\system32\cmd.exe ;execArgs = cmd.exe ;PSKsecrets = secrets.txt
; vim:ft=dosini
In the browser (Firefox) I get the below error: Secure Connection Failed
An error occurred during a connection to 192.168.0.225. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Chrome says: 192.168.0.225 sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR
Logs are below:

Found 1 ready file descriptor(s)
2022.06.09 15:46:32 LOG7[main]: FD=604 ifds=r-x ofds=r--
2022.06.09 15:46:32 LOG7[main]: FD=908 ifds=r-x ofds=---
2022.06.09 15:46:32 LOG7[main]: Dispatching a signal from the signal pipe
2022.06.09 15:46:32 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG
2022.06.09 15:46:33 LOG6[main]: Initializing inetd mode configuration
2022.06.09 15:46:33 LOG7[main]: Running on Windows 6.2
2022.06.09 15:46:33 LOG5[main]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf
2022.06.09 15:46:33 LOG5[main]: UTF-8 byte order mark detected
2022.06.09 15:46:33 LOG7[main]: Enabling support for engine "capi"
2022.06.09 15:46:33 LOG6[main]: UI not supported by engine #1 (capi)
2022.06.09 15:46:33 LOG7[main]: Initializing engine #1 (capi)
2022.06.09 15:46:33 LOG6[main]: Engine #1 (capi) initialized
2022.06.09 15:46:33 LOG5[main]: FIPS mode disabled
2022.06.09 15:46:33 LOG6[main]: Compression enabled: 0 methods
2022.06.09 15:46:33 LOG7[main]: No PRNG seeding was required
2022.06.09 15:46:33 LOG6[main]: Initializing service [O365]
2022.06.09 15:46:33 LOG6[main]: User-specified security level set: 0
2022.06.09 15:46:33 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2022.06.09 15:46:33 LOG7[main]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2022.06.09 15:46:33 LOG7[main]: TLS options: 0x2100000 (+0x0, -0x0)
2022.06.09 15:46:33 LOG6[main]: Session resumption enabled
2022.06.09 15:46:33 LOG6[main]: Client certificate engine (capi) enabled
2022.06.09 15:46:33 LOG7[main]: No certificate or private key specified
2022.06.09 15:46:33 LOG4[main]: Service [O365] needs authentication to prevent MITM attacks
2022.06.09 15:46:33 LOG6[main]: DH initialization skipped: client section
2022.06.09 15:46:33 LOG7[main]: ECDH initialization
2022.06.09 15:46:33 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2022.06.09 15:46:33 LOG5[main]: Configuration successful
2022.06.09 15:46:33 LOG7[main]: Unbinding service [O365]
2022.06.09 15:46:33 LOG7[main]: Service [O365] closed (FD=908)
2022.06.09 15:46:33 LOG7[main]: Service [O365] closed
2022.06.09 15:46:33 LOG7[main]: Deallocating deployed section defaults
2022.06.09 15:46:33 LOG7[main]: Deallocating section [O365]
2022.06.09 15:46:33 LOG5[main]: Logging to C:\Users\radc\AppData\Local\stunnel.log
2022.06.09 15:46:33 LOG7[main]: Binding service [O365]
2022.06.09 15:46:33 LOG7[main]: Listening file descriptor created (FD=1580)
2022.06.09 15:46:33 LOG7[main]: Setting accept socket options (FD=1580)
2022.06.09 15:46:33 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2022.06.09 15:46:33 LOG6[main]: Service [O365] (FD=1580) bound to 192.168.0.225:443
2022.06.09 15:47:19 LOG7[17]: Service [O365] started
2022.06.09 15:47:19 LOG7[17]: Setting local socket options (FD=1624)
2022.06.09 15:47:19 LOG7[main]: FD=604 ifds=r-x ofds=---
2022.06.09 15:47:19 LOG7[17]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:19 LOG5[17]: Service [O365] accepted connection from 192.168.0.200:55381
2022.06.09 15:47:19 LOG7[main]: FD=1580 ifds=r-x ofds=r--
2022.06.09 15:47:19 LOG6[17]: failover: priority, starting at entry #0
2022.06.09 15:47:19 LOG7[main]: Service [O365] accepted (FD=1608) from 192.168.0.200:55382
2022.06.09 15:47:19 LOG6[17]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:19 LOG7[main]: Creating a new thread
2022.06.09 15:47:19 LOG7[main]: New thread created
2022.06.09 15:47:19 LOG7[18]: Service [O365] started
2022.06.09 15:47:19 LOG7[18]: Setting local socket options (FD=1608)
2022.06.09 15:47:19 LOG7[18]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:19 LOG5[18]: Service [O365] accepted connection from 192.168.0.200:55382
2022.06.09 15:47:19 LOG6[18]: failover: priority, starting at entry #0
2022.06.09 15:47:19 LOG6[18]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:19 LOG7[17]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:19 LOG7[17]: FD=1596 ifds=rwx ofds=---
2022.06.09 15:47:19 LOG7[18]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:19 LOG7[18]: FD=1204 ifds=rwx ofds=---
2022.06.09 15:47:19 LOG5[17]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:19 LOG5[17]: Service [O365] connected remote server from 10.57.2.17:57847
2022.06.09 15:47:19 LOG7[17]: Setting remote socket options (FD=1596)
2022.06.09 15:47:19 LOG7[17]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:19 LOG7[17]: Remote descriptor (FD=1596) initialized
2022.06.09 15:47:19 LOG6[17]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:19 LOG6[17]: Peer certificate not required
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): before SSL initialization
2022.06.09 15:47:19 LOG7[17]: Initializing application specific data for session authenticated
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG5[18]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:19 LOG5[18]: Service [O365] connected remote server from 10.57.2.17:57848
2022.06.09 15:47:19 LOG7[18]: Setting remote socket options (FD=1204)
2022.06.09 15:47:19 LOG7[18]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:19 LOG7[18]: Remote descriptor (FD=1204) initialized
2022.06.09 15:47:19 LOG6[18]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:19 LOG6[18]: Peer certificate not required
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): before SSL initialization
2022.06.09 15:47:19 LOG7[18]: Initializing application specific data for session authenticated
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:19 LOG6[17]: Certificate verification disabled
2022.06.09 15:47:19 LOG6[17]: Certificate verification disabled
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:19 LOG7[17]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:19 LOG7[17]: 2 client connect(s) requested
2022.06.09 15:47:19 LOG7[17]: 1 client connect(s) succeeded
2022.06.09 15:47:19 LOG7[17]: 0 client renegotiation(s) requested
2022.06.09 15:47:19 LOG7[17]: 0 session reuse(s)
2022.06.09 15:47:19 LOG6[17]: TLS connected: new session negotiated
2022.06.09 15:47:19 LOG6[17]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:19 LOG6[17]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:19 LOG7[17]: Compression: null, expansion: null
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:19 LOG6[18]: Certificate verification disabled
2022.06.09 15:47:19 LOG6[18]: Certificate verification disabled
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:19 LOG7[18]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:19 LOG7[18]: 2 client connect(s) requested
2022.06.09 15:47:19 LOG7[18]: 2 client connect(s) succeeded
2022.06.09 15:47:19 LOG7[18]: 0 client renegotiation(s) requested
2022.06.09 15:47:19 LOG7[18]: 0 session reuse(s)
2022.06.09 15:47:19 LOG6[18]: TLS connected: new session negotiated
2022.06.09 15:47:19 LOG6[18]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:19 LOG6[18]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:19 LOG7[18]: Compression: null, expansion: null
2022.06.09 15:47:20 LOG7[17]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[17]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[17]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[17]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[17]: New session callback
2022.06.09 15:47:20 LOG7[17]: Peer certificate was cached (4822 bytes)
2022.06.09 15:47:20 LOG6[17]: Session id: 8C30BA078B16527A627B472B16BD94469EF8EF2C2B3DC4DE83C9E9DD0454AE89
2022.06.09 15:47:20 LOG7[17]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[17]: Remove session callback
2022.06.09 15:47:20 LOG7[17]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[17]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[17]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[17]: Remote descriptor (FD=1596) closed
2022.06.09 15:47:20 LOG7[17]: Local descriptor (FD=1624) closed
2022.06.09 15:47:20 LOG7[17]: Service [O365] finished (1 left)
2022.06.09 15:47:20 LOG7[main]: Found 1 ready file descriptor(s)
2022.06.09 15:47:20 LOG7[main]: FD=604 ifds=r-x ofds=---
2022.06.09 15:47:20 LOG7[main]: FD=1580 ifds=r-x ofds=r--
2022.06.09 15:47:20 LOG7[main]: Service [O365] accepted (FD=1132) from 192.168.0.200:55383
2022.06.09 15:47:20 LOG7[main]: Creating a new thread
2022.06.09 15:47:20 LOG7[main]: New thread created
2022.06.09 15:47:20 LOG7[19]: Service [O365] started
2022.06.09 15:47:20 LOG7[19]: Setting local socket options (FD=1132)
2022.06.09 15:47:20 LOG7[19]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:20 LOG5[19]: Service [O365] accepted connection from 192.168.0.200:55383
2022.06.09 15:47:20 LOG6[19]: failover: priority, starting at entry #0
2022.06.09 15:47:20 LOG6[19]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:20 LOG7[19]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:20 LOG7[19]: FD=848 ifds=rwx ofds=---
2022.06.09 15:47:20 LOG7[18]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[18]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[18]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[18]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[18]: New session callback
2022.06.09 15:47:20 LOG7[18]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG6[18]: Session id: 052BDBEAEF57DAF30820ADD1223A0C800EC7C7FBEFC8D6ECAAA50A67383A26F8
2022.06.09 15:47:20 LOG7[18]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[18]: Remove session callback
2022.06.09 15:47:20 LOG7[18]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[18]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[18]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[18]: Remote descriptor (FD=1204) closed
2022.06.09 15:47:20 LOG7[18]: Local descriptor (FD=1608) closed
2022.06.09 15:47:20 LOG7[18]: Service [O365] finished (1 left)
2022.06.09 15:47:20 LOG7[main]: Found 1 ready file descriptor(s)
2022.06.09 15:47:20 LOG7[main]: FD=604 ifds=r-x ofds=---
2022.06.09 15:47:20 LOG7[main]: FD=1580 ifds=r-x ofds=r--
2022.06.09 15:47:20 LOG7[main]: Service [O365] accepted (FD=844) from 192.168.0.200:55384
2022.06.09 15:47:20 LOG7[main]: Creating a new thread
2022.06.09 15:47:20 LOG7[main]: New thread created
2022.06.09 15:47:20 LOG7[20]: Service [O365] started
2022.06.09 15:47:20 LOG7[20]: Setting local socket options (FD=844)
2022.06.09 15:47:20 LOG7[20]: Option TCP_NODELAY set on local socket
2022.06.09 15:47:20 LOG5[20]: Service [O365] accepted connection from 192.168.0.200:55384
2022.06.09 15:47:20 LOG6[20]: failover: priority, starting at entry #0
2022.06.09 15:47:20 LOG6[20]: s_connect: connecting 52.98.152.162:443
2022.06.09 15:47:20 LOG7[20]: s_connect: s_poll_wait 52.98.152.162:443: waiting 10 seconds
2022.06.09 15:47:20 LOG7[20]: FD=1120 ifds=rwx ofds=---
2022.06.09 15:47:20 LOG5[19]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:20 LOG5[19]: Service [O365] connected remote server from 10.57.2.17:57849
2022.06.09 15:47:20 LOG7[19]: Setting remote socket options (FD=848)
2022.06.09 15:47:20 LOG7[19]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:20 LOG7[19]: Remote descriptor (FD=848) initialized
2022.06.09 15:47:20 LOG6[19]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:20 LOG6[19]: Peer certificate not required
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): before SSL initialization
2022.06.09 15:47:20 LOG7[19]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG5[20]: s_connect: connected 52.98.152.162:443
2022.06.09 15:47:20 LOG5[20]: Service [O365] connected remote server from 10.57.2.17:57850
2022.06.09 15:47:20 LOG7[20]: Setting remote socket options (FD=1120)
2022.06.09 15:47:20 LOG7[20]: Option TCP_NODELAY set on remote socket
2022.06.09 15:47:20 LOG7[20]: Remote descriptor (FD=1120) initialized
2022.06.09 15:47:20 LOG6[20]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:20 LOG6[20]: Peer certificate not required
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): before SSL initialization
2022.06.09 15:47:20 LOG7[20]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write change cipher spec
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write client hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:20 LOG6[19]: Certificate verification disabled
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server hello
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): TLSv1.3 read encrypted extensions
2022.06.09 15:47:20 LOG6[19]: Certificate verification disabled
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:20 LOG7[19]: 4 client connect(s) requested
2022.06.09 15:47:20 LOG7[19]: 3 client connect(s) succeeded
2022.06.09 15:47:20 LOG7[19]: 0 client renegotiation(s) requested
2022.06.09 15:47:20 LOG7[19]: 0 session reuse(s)
2022.06.09 15:47:20 LOG6[19]: TLS connected: new session negotiated
2022.06.09 15:47:20 LOG6[19]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:20 LOG6[19]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:20 LOG7[19]: Compression: null, expansion: null
2022.06.09 15:47:20 LOG6[20]: Certificate verification disabled
2022.06.09 15:47:20 LOG6[20]: Certificate verification disabled
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server certificate
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): TLSv1.3 read server certificate verify
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read finished
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS write finished
2022.06.09 15:47:20 LOG7[20]: 4 client connect(s) requested
2022.06.09 15:47:20 LOG7[20]: 4 client connect(s) succeeded
2022.06.09 15:47:20 LOG7[20]: 0 client renegotiation(s) requested
2022.06.09 15:47:20 LOG7[20]: 0 session reuse(s)
2022.06.09 15:47:20 LOG6[20]: TLS connected: new session negotiated
2022.06.09 15:47:20 LOG6[20]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:20 LOG6[20]: Peer temporary key: ECDH, P-384, 384 bits
2022.06.09 15:47:20 LOG7[20]: Compression: null, expansion: null
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[19]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[19]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[19]: New session callback
2022.06.09 15:47:20 LOG7[19]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG6[19]: Session id: 3E857D78696F2321EDEE2F622CDB1A050B70B915FB7A6DD37C5DE86EC311534F
2022.06.09 15:47:20 LOG7[19]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[19]: Remove session callback
2022.06.09 15:47:20 LOG7[19]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[19]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[19]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[19]: Remote descriptor (FD=848) closed
2022.06.09 15:47:20 LOG7[19]: Local descriptor (FD=1132) closed
2022.06.09 15:47:20 LOG7[19]: Service [O365] finished (1 left)
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSL negotiation finished successfully
2022.06.09 15:47:20 LOG7[20]: Initializing application specific data for session authenticated
2022.06.09 15:47:20 LOG7[20]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG7[20]: New session callback
2022.06.09 15:47:20 LOG7[20]: Deallocating application specific data for session connect address
2022.06.09 15:47:20 LOG6[20]: Session id: E65F2E71C3EF8E156FA8FAEB5AD445887573D80ED9889F65524514A6ABC02D99
2022.06.09 15:47:20 LOG7[20]: TLS state (connect): SSLv3/TLS read server session ticket
2022.06.09 15:47:20 LOG7[20]: Remove session callback
2022.06.09 15:47:20 LOG7[20]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[20]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[20]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
2022.06.09 15:47:20 LOG7[20]: Remote descriptor (FD=1120) closed
2022.06.09 15:47:20 LOG7[20]: Local descriptor (FD=844) closed
2022.06.09 15:47:20 LOG7[20]: Service [O365] finished (0 left)
Do you have any ideas?
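One way to triage a debug log like the one in this message, as an added example (not part of the original post and not stunnel tooling): it splits entries on the `timestamp LOGn[thread]:` prefix, so it also works on a log pasted as one long line, and summarises each worker thread. `SAMPLE_LOG` is an excerpt copied from the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt copied from the log in the message (startup warning plus thread 17).
SAMPLE_LOG = """\
2022.06.09 15:46:33 LOG4[main]: Service [O365] needs authentication to prevent MITM attacks
2022.06.09 15:47:19 LOG5[17]: Service [O365] accepted connection from 192.168.0.200:55381
2022.06.09 15:47:19 LOG6[17]: SNI: sending servername: outlook.office.com
2022.06.09 15:47:19 LOG6[17]: Peer certificate not required
2022.06.09 15:47:19 LOG6[17]: Certificate verification disabled
2022.06.09 15:47:19 LOG6[17]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2022.06.09 15:47:20 LOG7[17]: TLS alert (write): fatal: decode error
2022.06.09 15:47:20 LOG3[17]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.06.09 15:47:20 LOG5[17]: Connection reset: 517 byte(s) sent to TLS, 505 byte(s) sent to socket
"""

# Every stunnel log entry starts with "YYYY.MM.DD HH:MM:SS LOG<level>[<thread>]: ".
ENTRY = re.compile(r"(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\w+)\]: ")

def split_entries(text):
    """Yield (timestamp, level, thread, message), even if the log was flattened."""
    marks = list(ENTRY.finditer(text))
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        message = " ".join(text[m.end():end].split())  # undo stray line wraps
        yield m.group(1), int(m.group(2)), m.group(3), message

def triage(text):
    """Return (startup warnings, per-thread summary of each proxied connection)."""
    conns = defaultdict(lambda: {"client": None, "sni": None, "cipher": None,
                                 "verification_disabled": False,
                                 "alerts": [], "errors": []})
    warnings = []
    for _ts, level, thread, msg in split_entries(text):
        if thread == "main":
            if level <= 4:  # LOG4 = warning; lower numbers are more severe
                warnings.append(msg)
            continue
        c = conns[thread]
        if m := re.match(r"Service \[.+\] accepted connection from (\S+)", msg):
            c["client"] = m.group(1)
        elif m := re.match(r"SNI: sending servername: (\S+)", msg):
            c["sni"] = m.group(1)
        elif msg in ("Certificate verification disabled", "Peer certificate not required"):
            c["verification_disabled"] = True
        elif m := re.match(r"(TLSv[\d.]+) ciphersuite: (\S+)", msg):
            c["cipher"] = (m.group(1), m.group(2))
        elif m := re.match(r"TLS alert \((\w+)\): (\w+): (.+)", msg):
            c["alerts"].append((m.group(1), m.group(2), m.group(3)))
        elif level <= 3:  # LOG3 = error
            c["errors"].append(msg)
    return warnings, dict(conns)

if __name__ == "__main__":
    warnings, conns = triage(SAMPLE_LOG)
    for w in warnings:
        print("startup warning:", w)
    for thread, summary in conns.items():
        print(thread, summary)
```

Run over the full log, every worker thread (17 to 20) shows the same pattern: a completed TLSv1.3 handshake with certificate verification disabled, followed by a fatal decode error alert.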