Hi guys, I have been running stunnel in production for my email server users. It’s been great. It’s pretty stable, and does all that I ned to allow my users to connect to my ancient mailserver (EIMS) with modern SSL. In fact, it’s been so stable that until recently I had no backup on stunnel It just ran. Unfortunately, I have had some incidents where stunnel just crashes. When it does, it looks like my email facilities are completely down - not good. I now have a script that monitors stunnel, and when stunnel dies, the script re-starts it. Below is a snippet of my stunnel log at the crash point. Does anyone else have this problem? Are the developers interested in my data? I installed it as a pre-built binary package, and this is the most recent version in the packages collection, so I am reluctant to build my own stunnel. Thank you for a great tool. -dgl- 2026.02.06 15:04:25 LOG5[75312]: Connection closed: 784 byte(s) sent to TLS, 224 byte(s) sent to socket 2026.02.06 15:04:25 LOG5[75311]: Connection closed: 2036 byte(s) sent to TLS, 22 9 byte(s) sent to socket 2026.02.06 15:04:25 LOG5[75313]: Service [imaps] accepted connection from 107.12 3.20.177:6908 2026.02.06 15:04:25 LOG5[75314]: Service [imaps] accepted connection from 107.12 3.20.177:9568 2026.02.06 15:04:25 LOG5[75313]: s_connect: connected 71.39.101.34:143 2026.02.06 15:04:25 LOG5[75313]: Service [imaps] connected remote server from 71 .39.101.39:49527 2026.02.06 15:04:25 LOG5[75314]: s_connect: connected 71.39.101.34:143 2026.02.06 15:04:25 LOG5[75314]: Service [imaps] connected remote server from 71 .39.101.39:49526 2026.02.06 15:04:28 LOG3[per-minute]: OCSP: OCSP_check_validity: /usr/src/crypto /external/bsd/openssl/dist/crypto/ocsp/ocsp_cl.c:378: error:2707307D:OCSP routin es:OCSP_check_validity:status expired 2026.02.06 15:04:28 LOG4[per-minute]: OCSP: Unknown verification status INTERNAL ERROR: Memory allocated in a different thread at ocsp.c, line 412 2026.02.06 15:04:41 LOG5[ui]: stunnel 5.73 on x86_64--netbsd platform 2026.02.06 15:04:41 LOG5[ui]: Compiled/running with OpenSSL 1.1.1t 7 Feb 2023 2026.02.06 15:04:41 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCS P,PSK,SNI Auth:LIBWRAP 2026.02.06 15:04:41 LOG5[ui]: Reading configuration from file /usr/pkg/etc/stunn el/stunnel.conf 2026.02.06 15:04:41 LOG5[ui]: UTF-8 byte order mark detected 2026.02.06 15:04:41 LOG5[ui]: OCSP: Connecting the AIA responder "http://status. rapidssl.com"
https://cdn.netbsd.org/pub/pkgsrc/current/pkgsrc/security/stunnel/in dex.html Version 5.75 is listed here, and is the latest that my Fedora 42/43 systems show. There is a 5.76 released by site, but generally wait for redhat/fedora to come out with their version. Might want to look at what you have in your stunnel.com for that IP address. An example on what I use for my connections. [gmailpop] client=yes accept = 127.0.0.1:20995 connect = pop.gmail.com:995 debug = 7 verifyChain = yes CApath = /etc/ssl/certs checkHost = pop.gmail.com OCSPaia = yes Use loglevel 7 to get additional info. Some sites work with last 4 options, but some don't. Do you have to reboot to get it to work, or just restart stunnel? On linux systemctl restart stunnel works for me, but think I've only need it 3 or 4 times in many years. Hope that helps. On 6 Feb 2026 at 17:58, Don Lee via stunnel-users wrote: Date sent: Fri, 6 Feb 2026 17:58:29 -0600 To: Kevin Morris via stunnel-users <stunnel-users@stunnel.org> Subject: [stunnel-users] Rare crashes of stunnel patches" <stunnel-users.stunnel.org> From: Don Lee via stunnel-users <stunnel-users@stunnel.org> Send reply to: Don Lee <stunnel@c.icompute.com>
Hi guys,
I have been running stunnel in production for my email server users. It’s been great. It’s pretty stable, and does all that I ned to allow my users to connect to my ancient mailserver (EIMS) with modern SSL.
In fact, it’s been so stable that until recently I had no backup on stunnel It just ran.
Unfortunately, I have had some incidents where stunnel just crashes. When it does, it looks like my email facilities are completely down - not good. I now have a script that monitors stunnel, and when stunnel dies, the script re-starts it.
Below is a snippet of my stunnel log at the crash point.
Does anyone else have this problem?
Are the developers interested in my data?
I installed it as a pre-built binary package, and this is the most recent version in the packages collection, so I am reluctant to build my own stunnel.
Thank you for a great tool.
-dgl-
2026.02.06 15:04:25 LOG5[75312]: Connection closed: 784 byte(s) sent to TLS, 224 byte(s) sent to socket 2026.02.06 15:04:25 LOG5[75311]: Connection closed: 2036 byte(s) sent to TLS, 22 9 byte(s) sent to socket 2026.02.06 15:04:25 LOG5[75313]: Service [imaps] accepted connection from 107.12 3.20.177:6908 2026.02.06 15:04:25 LOG5[75314]: Service [imaps] accepted connection from 107.12 3.20.177:9568 2026.02.06 15:04:25 LOG5[75313]: s_connect: connected 71.39.101.34:143 2026.02.06 15:04:25 LOG5[75313]: Service [imaps] connected remote server from 71 .39.101.39:49527 2026.02.06 15:04:25 LOG5[75314]: s_connect: connected 71.39.101.34:143 2026.02.06 15:04:25 LOG5[75314]: Service [imaps] connected remote server from 71 .39.101.39:49526 2026.02.06 15:04:28 LOG3[per-minute]: OCSP: OCSP_check_validity: /usr/src/crypto /external/bsd/openssl/dist/crypto/ocsp/ocsp_cl.c:378: error:2707307D:OCSP routin es:OCSP_check_validity:status expired 2026.02.06 15:04:28 LOG4[per-minute]: OCSP: Unknown verification status INTERNAL ERROR: Memory allocated in a different thread at ocsp.c, line 412 2026.02.06 15:04:41 LOG5[ui]: stunnel 5.73 on x86_64--netbsd platform 2026.02.06 15:04:41 LOG5[ui]: Compiled/running with OpenSSL 1.1.1t 7 Feb 2023 2026.02.06 15:04:41 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCS P,PSK,SNI Auth:LIBWRAP 2026.02.06 15:04:41 LOG5[ui]: Reading configuration from file /usr/pkg/etc/stunn el/stunnel.conf 2026.02.06 15:04:41 LOG5[ui]: UTF-8 byte order mark detected 2026.02.06 15:04:41 LOG5[ui]: OCSP: Connecting the AIA responder "http://status. rapidssl.com"
_______________________________________________ stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
+------------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor (Retired) mailto:mikes@guam.net mailto:msetzerii@gmail.com mailto:msetzerii@gmx.com Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +------------------------------------------------------------+
participants (2)
-
Don Lee -
Michael D. Setzer II