I have a personal webserver running on Win2K Pro SP4 that listens on port 17875. This server is accessible through my NAT and software firewall (ZoneAlarm Pro). I then installed STunnel with the following conf:
[https]
accept=4430
connect=17875
TIMEOUTclose=0
Now, when I access https://<server>:4430, I get an HTTP 400 (Bad Request) error message, with both Internet Explorer 6 and Firefox 1.01. However, if I change the accept port from 4430 to 443 (and make the appropriate changes on the NAT for port forwarding), and use https://<server>, it works. I don't want to use the standard port. What am I doing wrong?
Here's the log that STunnel generated:
2005.03.16 08:33:26 LOG5[1044:288]: stunnel 4.08 on x86-pc-mingw32-gnu WIN32+IPv4 with OpenSSL 0.9.7e 25 Oct 2004
2005.03.16 08:33:26 LOG7[1044:1096]: RAND_status claims sufficient entropy for the PRNG
2005.03.16 08:33:26 LOG6[1044:1096]: PRNG seeded successfully
2005.03.16 08:33:26 LOG7[1044:1096]: Certificate: stunnel.pem
2005.03.16 08:33:26 LOG7[1044:1096]: Key file: stunnel.pem
2005.03.16 08:33:26 LOG5[1044:1096]: No limit detected for the number of clients
2005.03.16 08:33:26 LOG7[1044:1096]: FD 168 in non-blocking mode
2005.03.16 08:33:26 LOG7[1044:1096]: SO_REUSEADDR option set on accept socket
2005.03.16 08:33:26 LOG7[1044:1096]: https bound to 0.0.0.0:4430
2005.03.16 08:34:08 LOG7[1044:1096]: https accepted FD=180 from 192.168.0.2:4864
2005.03.16 08:34:08 LOG7[1044:1096]: FD 180 in non-blocking mode
2005.03.16 08:34:08 LOG7[1044:1096]: Creating a new thread
2005.03.16 08:34:08 LOG7[1044:1096]: New thread created
2005.03.16 08:34:08 LOG7[1044:896]: https started
2005.03.16 08:34:08 LOG5[1044:896]: https connected from 192.168.0.2:4864
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): before/accept initialization
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read client hello A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write server hello A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write certificate A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write server done A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 flush data
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read client key exchange A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read finished A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write change cipher spec A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write finished A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 flush data
2005.03.16 08:34:08 LOG7[1044:896]: 1 items in the session cache
2005.03.16 08:34:08 LOG7[1044:896]: 0 client connects (SSL_connect())
2005.03.16 08:34:08 LOG7[1044:896]: 0 client connects that finished
2005.03.16 08:34:08 LOG7[1044:896]: 0 client renegotiatations requested
2005.03.16 08:34:08 LOG7[1044:896]: 1 server connects (SSL_accept())
2005.03.16 08:34:08 LOG7[1044:896]: 1 server connects that finished
2005.03.16 08:34:08 LOG7[1044:896]: 0 server renegotiatiations requested
2005.03.16 08:34:08 LOG7[1044:896]: 0 session cache hits
2005.03.16 08:34:08 LOG7[1044:896]: 1 session cache misses
2005.03.16 08:34:08 LOG7[1044:896]: 0 session cache timeouts
2005.03.16 08:34:08 LOG6[1044:896]: SSL accepted: new session negotiated
2005.03.16 08:34:08 LOG6[1044:896]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.03.16 08:34:08 LOG7[1044:896]: FD 200 in non-blocking mode
2005.03.16 08:34:08 LOG7[1044:896]: https connecting 127.0.0.1:17875
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: waiting 10 seconds
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: connected
2005.03.16 08:34:08 LOG7[1044:896]: Remote FD=200 initialized
2005.03.16 08:34:08 LOG7[1044:896]: Socket closed on read
2005.03.16 08:34:08 LOG7[1044:896]: SSL write shutdown
2005.03.16 08:34:08 LOG7[1044:896]: SSL alert (write): warning: close notify
2005.03.16 08:34:08 LOG7[1044:896]: SSL_shutdown retrying
2005.03.16 08:34:08 LOG7[1044:896]: s_poll_wait timeout waiting for SSL close_notify
2005.03.16 08:34:08 LOG5[1044:896]: Connection closed: 208 bytes sent to SSL, 389 bytes sent to socket
2005.03.16 08:34:08 LOG7[1044:896]: https finished (0 left)
Any help much appreciated.
Thanks.
Hi Chetan
I guess IIS sent back redirect message. Check IIS log. And what happens if you use "https://<server>:4430/", where slash on the end is the key.
regards taka
Thanks for the response.
Sorry, I don't have IIS running. I am running a lightweight freeware server called Abyss X1, from http://www.aprelium.com
I haven't tried the second option with the slash at the end, will try and report back when I get home.
----- Original Message ----- From: "ikeda@areabe" ikeda@areabe.com To: "Chetan Rao" game_programer@hotmail.com; stunnel-users@mirt.net Sent: Wednesday, March 16, 2005 6:51 PM Subject: Re: [stunnel-users] Problems using STunnel with a non-default port - Please Help
Hi Chetan
I guess IIS sent back redirect message. Check IIS log. And what happens if you use "https://<server>:4430/", where slash on the end is the key.
regards taka
I tried https://<server>:4430/ with the same result.
When I looked at the log, it seems like the connection was never made from STunnel to the server. The server logs indicate no activity.
Any ideas?
Thanks.
Hi Taka,
Two things though:
a. The server is running on Win2k, not XP, so I am not sure if the article applies.
b. STunnel is using 127.0.0.1 to try and connect to the server, as shown by the following line from my original log:
2005.03.16 08:34:08 LOG7[1044:896]: https connecting 127.0.0.1:17875
This is certainly a big mystery as to why it's not working.
Any other ideas?
Thanks again.
----- Original Message ----- From: "ikeda@areabe" ikeda@areabe.com To: "Chetan Rao" game_programer@hotmail.com; stunnel-users@mirt.net Sent: Thursday, March 17, 2005 11:57 AM Subject: Re: [stunnel-users] Problems using STunnel with a non-default port - Please Help
Hi Chetan
See this article.
http://support.microsoft.com/default.aspx?kbid=884020
Thanks taka
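An added example, not part of the thread: one way to read the stunnel debug log from the first message per connection thread, pulling out the backend target, whether the local connect completed, and the byte counters on the "Connection closed" line. The function name `summarize`, the field names, and the reading of the counters (bytes sent to SSL go toward the browser, bytes sent to socket go toward the `connect=` target) are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log in the first message.
SAMPLE_LOG = """\
2005.03.16 08:33:26 LOG7[1044:1096]: https bound to 0.0.0.0:4430
2005.03.16 08:34:08 LOG5[1044:896]: https connected from 192.168.0.2:4864
2005.03.16 08:34:08 LOG6[1044:896]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.03.16 08:34:08 LOG7[1044:896]: https connecting 127.0.0.1:17875
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: connected
2005.03.16 08:34:08 LOG7[1044:896]: Socket closed on read
2005.03.16 08:34:08 LOG5[1044:896]: Connection closed: 208 bytes sent to SSL, 389 bytes sent to socket
"""

# timestamp, LOG<level>[pid:tid]: message
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
PATTERNS = {
    "client": re.compile(r"^\S+ connected from (\S+)$"),
    "backend": re.compile(r"^\S+ connecting (\S+)$"),
    "cipher": re.compile(r"^Negotiated ciphers: (\S+) (\S+)"),
    "bytes": re.compile(r"^Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket$"),
}

def summarize(log_text):
    """Group stunnel 4.x debug lines by thread id; return one dict per closed connection."""
    conns = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated line: skip rather than guess
        tid, msg = m.group(4), m.group(5)
        if msg == "connect_wait: connected":
            conns[tid]["backend_connected"] = True
        for key, pat in PATTERNS.items():
            hit = pat.match(msg)
            if hit:
                conns[tid][key] = hit.group(1) if pat.groups == 1 else hit.groups()
    out = {}
    for tid, c in conns.items():
        if "bytes" not in c:
            continue  # listener thread or a connection still open
        c["to_client"], c["to_backend"] = (int(n) for n in c["bytes"])
        # Assumption: data written to the SSL side was read from the backend socket
        c["backend_replied"] = c.get("backend_connected", False) and c["to_client"] > 0
        out[tid] = c
    return out

if __name__ == "__main__":
    for tid, c in summarize(SAMPLE_LOG).items():
        print(tid, c["client"], "->", c["backend"], c["to_backend"], "out,", c["to_client"], "back")
```

On the sample lines, thread 896 shows 389 bytes forwarded to 127.0.0.1:17875 and 208 bytes written back over SSL.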