Problem with Stunnel Working fine on the first connection and not on subsequent connections

Have worked on this all day without any glimmer of hope and would appreciate help and feedback!

Regards,
KAM

# Description of your problem. What programs are on which machines, and how are they attempting to communicate. What connections are you attempting to secure in SSL.

I am having problems with the regeneration of stunnel on an old but fairly reliable machine. I am switching from v3 to v4 and it works absolutely perfectly ONCE. The second time it just hangs.

# What version of Stunnel you're using - remember, Stunnel 4.x doesn't take Stunnel 3.x command line options!

4.x

# The list of parameters you are using for stunnel, and if you are running it standalone or from inetd/xinetd.

I am running it in standalone. My conf file is:

cert = /usr/local/ssl/certs/stunnel.pem
key = /usr/local/ssl/certs/stunnel.pem
chroot = /usr/local/var/stunnel/
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = stunnel.log

[ssmtp]
accept = 465
connect = 10.10.10.30:25

# Output of "stunnel -f -D 7 <your-parameters>".

Not sure this works on v4.X but here are the logs from the connection:

2005.11.18 19:17:56 LOG7[13166:1024]: ssmtp accepted FD=7 from 66.149.103.32:3542
2005.11.18 19:17:56 LOG7[13171:1026]: ssmtp started
2005.11.18 19:17:56 LOG7[13171:1026]: FD 7 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: TCP_NODELAY option set on local socket
2005.11.18 19:17:56 LOG7[13171:1026]: FD 10 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: FD 11 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: Connection from 66.149.103.32:3542 permitted by libwrap
2005.11.18 19:17:56 LOG5[13171:1026]: ssmtp connected from 66.149.103.32:3542
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): before/accept initialization
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read client hello A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write server hello A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write certificate A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write server done A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 flush data
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read client key exchange A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read finished A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write change cipher spec A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write finished A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 flush data
2005.11.18 19:17:56 LOG7[13171:1026]: 1 items in the session cache
2005.11.18 19:17:56 LOG7[13171:1026]: 0 client connects (SSL_connect())
2005.11.18 19:17:56 LOG7[13171:1026]: 0 client connects that finished
2005.11.18 19:17:56 LOG7[13171:1026]: 0 client renegotiatations requested
2005.11.18 19:17:56 LOG7[13171:1026]: 1 server connects (SSL_accept())
2005.11.18 19:17:56 LOG7[13171:1026]: 1 server connects that finished
2005.11.18 19:17:56 LOG7[13171:1026]: 0 server renegotiatiations requested
2005.11.18 19:17:56 LOG7[13171:1026]: 0 session cache hits
2005.11.18 19:17:56 LOG7[13171:1026]: 1 session cache misses
2005.11.18 19:17:56 LOG7[13171:1026]: 0 session cache timeouts
2005.11.18 19:17:56 LOG6[13171:1026]: SSL accepted: new session negotiated
2005.11.18 19:17:56 LOG6[13171:1026]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.11.18 19:17:56 LOG7[13171:1026]: FD 10 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: ssmtp connecting 10.10.10.30:25
2005.11.18 19:17:56 LOG7[13171:1026]: connect_wait: waiting 10 seconds
2005.11.18 19:17:56 LOG7[13171:1026]: connect_wait: connected
2005.11.18 19:17:56 LOG7[13171:1026]: Remote FD=10 initialized
2005.11.18 19:17:56 LOG7[13171:1026]: TCP_NODELAY option set on remote socket
2005.11.18 19:17:58 LOG7[13171:1026]: Socket closed on read
2005.11.18 19:17:58 LOG7[13171:1026]: SSL write shutdown
2005.11.18 19:17:58 LOG7[13171:1026]: SSL alert (write): warning: close notify
2005.11.18 19:17:58 LOG7[13171:1026]: SSL_shutdown retrying
2005.11.18 19:17:58 LOG7[13171:1026]: SSL doesn't need to read or write
2005.11.18 19:17:58 LOG7[13171:1026]: SSL socket closed on SSL_read
2005.11.18 19:17:58 LOG7[13171:1026]: Socket write shutdown
2005.11.18 19:17:58 LOG5[13171:1026]: Connection closed: 827 bytes sent to SSL, 1362 bytes sent to socket
2005.11.18 19:17:58 LOG7[13171:1026]: ssmtp finished (-1 left)

There is nothing more after this point.

# Output of "stunnel -V".

I think you want -version:

/usr/local/sbin/stunnel -version
stunnel 4.14 on i686-pc-linux-gnu PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds

# Output of "uname -a".

Linux <removed> 2.2.26 #8 Fri Jul 16 00:42:34 EDT 2004 i686 unknown

# Your libc version if you use Linux.

2.2.5

# Output of "gcc -v".

Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)

# Output of "openssl version" or "ssleay version" depending on your library.

OpenSSL 0.9.7e 25 Oct 2004
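The debug = 7 log above records one connection from accept, through the SSL handshake and the backend connect, to "Connection closed". When a later connection hangs, the useful question is which of those milestones it last reached. The following is an added example, not code from the thread or from the stunnel project: a small analyzer that groups stunnel 4.x log lines by the [pid:tid] of the handling process, records the last milestone each connection reached, and reports the ones that never closed. It also flags the negotiated cipher suite when it contains markers such as RC4 or MD5, which the log shows this setup negotiating. The sample log is constructed to mirror the shape of the lines above, with a second connection invented to stop after "connecting" to the backend; the milestone names and the weak-cipher marker list are this example's own choices.

```python
import re
from collections import OrderedDict

# One stunnel 4.x log line: "<date> <time> LOG<level>[<pid>:<tid>]: <message>"
LINE_RE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")

# Milestones a single handled connection passes through, in order.
# Names are this example's own labels for the messages stunnel prints.
MILESTONES = [
    ("started",            re.compile(r"\bstarted$")),
    ("client_connected",   re.compile(r"\bconnected from\b")),
    ("ssl_accepted",       re.compile(r"^SSL accepted\b")),
    ("backend_connecting", re.compile(r"\bconnecting \S+$")),
    ("backend_connected",  re.compile(r"^connect_wait: connected$")),
    ("closed",             re.compile(r"^Connection closed\b")),
]
CIPHER_RE = re.compile(r"^Negotiated ciphers: (\S+)")
# Substrings that mark a cipher suite as weak (assumption for this example).
WEAK_CIPHER_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXP")

# Constructed sample: first connection completes, second stops at the backend connect.
SAMPLE_LOG = """\
2005.11.18 19:17:56 LOG7[13166:1024]: ssmtp accepted FD=7 from 66.149.103.32:3542
2005.11.18 19:17:56 LOG7[13171:1026]: ssmtp started
2005.11.18 19:17:56 LOG5[13171:1026]: ssmtp connected from 66.149.103.32:3542
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read client hello A
2005.11.18 19:17:56 LOG6[13171:1026]: SSL accepted: new session negotiated
2005.11.18 19:17:56 LOG6[13171:1026]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.11.18 19:17:56 LOG7[13171:1026]: ssmtp connecting 10.10.10.30:25
2005.11.18 19:17:56 LOG7[13171:1026]: connect_wait: connected
2005.11.18 19:17:58 LOG5[13171:1026]: Connection closed: 827 bytes sent to SSL, 1362 bytes sent to socket
2005.11.18 19:20:01 LOG7[13166:1024]: ssmtp accepted FD=7 from 66.149.103.32:3590
2005.11.18 19:20:01 LOG7[13180:1026]: ssmtp started
2005.11.18 19:20:01 LOG5[13180:1026]: ssmtp connected from 66.149.103.32:3590
2005.11.18 19:20:01 LOG6[13180:1026]: SSL accepted: new session negotiated
2005.11.18 19:20:01 LOG6[13180:1026]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.11.18 19:20:01 LOG7[13180:1026]: ssmtp connecting 10.10.10.30:25
2005.11.18 19:20:01 LOG7[13180:1026]: connect_wait: waiting 10 seconds
"""


def analyze(log_text):
    """Group log lines by handler [pid:tid]; return per-connection summaries in log order."""
    sessions = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a stunnel log line
        ts, _level, pid, tid, msg = m.groups()
        key = f"{pid}:{tid}"
        if key not in sessions:
            # A connection handler announces itself with "<service> started";
            # lines from the listener (e.g. "accepted FD=...") are not sessions.
            if not MILESTONES[0][1].search(msg):
                continue
            sessions[key] = {"first_ts": ts, "last_ts": ts, "milestone": None,
                             "milestone_idx": -1, "cipher": None, "weak_cipher": False}
        s = sessions[key]
        s["last_ts"] = ts
        for idx, (name, rx) in enumerate(MILESTONES):
            # Keep the furthest milestone seen, even if lines arrive slightly out of order.
            if rx.search(msg) and idx > s["milestone_idx"]:
                s["milestone"], s["milestone_idx"] = name, idx
        cm = CIPHER_RE.match(msg)
        if cm:
            suite = cm.group(1)
            s["cipher"] = suite
            s["weak_cipher"] = any(t in suite.upper() for t in WEAK_CIPHER_MARKERS)
    return sessions


def unfinished(sessions):
    """Keys of connections that never reached 'Connection closed'."""
    return [k for k, s in sessions.items() if s["milestone"] != "closed"]


def report(sessions):
    """Human-readable one-line-per-connection summary."""
    lines = []
    for key, s in sessions.items():
        flag = " HUNG?" if s["milestone"] != "closed" else ""
        weak = " weak-cipher" if s["weak_cipher"] else ""
        lines.append(f"[{key}] {s['first_ts']}..{s['last_ts']} "
                     f"last={s['milestone']} cipher={s['cipher']}{weak}{flag}")
    return lines


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_LOG)):
        print(line)
```

Run against a real log by replacing SAMPLE_LOG with the file contents; the listener process (13166:1024 in the sample) is deliberately excluded so that it is not reported as a permanently open connection.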

On Saturday 19 of November 2005 00:28, Kevin A. McGrail wrote:
Have worked on this all day without any glimmer of hope and would appreciate help and feedback!
[cut]
Linux <removed> 2.2.26 #8 Fri Jul 16 00:42:34 EDT 2004 i686 unknown
# Your libc version if you use Linux.
2.2.5
# Output of "gcc -v".
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
# Output of "openssl version" or "ssleay version" depending on your library.
OpenSSL 0.9.7e 25 Oct 2004
Your kernel, libc, compiler and OpenSSL are quite obsolete (you already know that). Normally stunnel can use ucontext threading on Linux. 8-)

I'd try to disable chroot and run stunnel under strace with the "foreground = yes" option.

Best regards,
Mike
Participants: Kevin A. McGrail, Michal Trojnara