Hey Stunnel guys!
I've got a bit of an issue in which users on ie6 cannot connect through HTTPs to my haproxy cluster, they get a 404 page cannot be displayed.
Works fine in all other browsers ;)
The logs from Stunnel are:
2012.06.13 01:06:09 LOG7[28347:47884616028640]: local socket: FD=14 allocated (non-blocking mode)
2012.06.13 01:06:09 LOG7[28347:47884616028640]: Service incoming-https accepted FD=14 from [ClientIP]:1208
2012.06.13 01:06:09 LOG7[28347:1078843712]: Service incoming-https started
2012.06.13 01:06:09 LOG7[28347:1078843712]: Option TCP_NODELAY set on local socket
2012.06.13 01:06:09 LOG7[28347:1078843712]: Waiting for a libwrap process
2012.06.13 01:06:09 LOG7[28347:1078843712]: Acquired libwrap process #0
2012.06.13 01:06:09 LOG7[28347:1078843712]: Releasing libwrap process #0
2012.06.13 01:06:09 LOG7[28347:1078843712]: Released libwrap process #0
2012.06.13 01:06:09 LOG7[28347:1078843712]: Service incoming-https permitted by libwrap from [ClientIP]:1208
2012.06.13 01:06:09 LOG5[28347:1078843712]: Service incoming-https accepted connection from [ClientIP]:1208
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): before/accept initialization
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 read client hello A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write server hello A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write certificate A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write server done A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 flush data
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 read client key exchange A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 read finished A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write change cipher spec A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write finished A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 flush data
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 items in the session cache
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 client connects (SSL_connect())
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 client connects that finished
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 client renegotiations requested
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 server connects (SSL_accept())
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 server connects that finished
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 server renegotiations requested
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 session cache hits
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 external session cache hits
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 session cache misses
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 session cache timeouts
2012.06.13 01:06:09 LOG6[28347:1078843712]: SSL accepted: new session negotiated
2012.06.13 01:06:09 LOG6[28347:1078843712]: Negotiated ciphers: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
2012.06.13 01:06:09 LOG7[28347:1078843712]: remote socket: FD=15 allocated (non-blocking mode)
2012.06.13 01:06:09 LOG6[28347:1078843712]: connect_blocking: connecting [HAPROXY IP]:81
2012.06.13 01:06:09 LOG7[28347:1078843712]: connect_blocking: s_poll_wait [HAPROXY IP]:81: waiting 10 seconds
2012.06.13 01:06:09 LOG5[28347:1078843712]: connect_blocking: connected [HAPROXY IP]:81
2012.06.13 01:06:09 LOG5[28347:1078843712]: Service incoming-https connected remote server from [HAPROXY IP]:55823
2012.06.13 01:06:09 LOG7[28347:1078843712]: Remote FD=15 initialized
2012.06.13 01:06:09 LOG7[28347:1078843712]: Option TCP_NODELAY set on remote socket
2012.06.13 01:06:09 LOG5[28347:1078843712]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
2012.06.13 01:06:09 LOG5[28347:1078843712]: Connection reset: 0 bytes sent to SSL, 320 bytes sent to socket
2012.06.13 01:06:09 LOG7[28347:1078843712]: Service incoming-https finished (0 left)
2012.06.13 01:06:09 LOG7[28347:1078843712]: str_stats: 0 block(s), 0 data byte(s), 0 control byte(s)
Could stunnel be at play here or am I looking at the wrong thing?
Thanks!
Karl.
Karl Kloppenborg
Programming Ninja
Crucial Paradigm Pty Ltd
Suite 1 Level 3 104-106 Commonwealth St
Surry Hills NSW 2010
Australia
1300 884 839 - Sales & Support (AU Only)
https://support.crucialp.com/ Click here for the Support Desk
d: 02 8202 9994
f: 02 92818261
m: 0416 236 908
e: mailto:karl@crucial.com.au karl@crucial.com.au
Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.
We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.
Description: crucial_2012
No one has any ideas?
--karl.
Karl Kloppenborg
Programming Ninja
Crucial Paradigm Pty Ltd
Suite 1 Level 3 104-106 Commonwealth St
Surry Hills NSW 2010
Australia
1300 884 839 - Sales & Support (AU Only)
https://support.crucialp.com/ Click here for the Support Desk
d: 02 8202 9994
f: 02 92818261
m: 0416 236 908
e: karl@crucial.com.au
Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.
We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.
Description: crucial_2012
From: stunnel-users-bounces@stunnel.org [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Karl Kloppenborg Sent: Wednesday, 13 June 2012 12:06 PM To: stunnel-users@stunnel.org Subject: [stunnel-users] Error connecting through IE6
Hey Stunnel guys!
I've got a bit of an issue in which users on ie6 cannot connect through HTTPs to my haproxy cluster, they get a 404 page cannot be displayed.
Works fine in all other browsers ;)
The logs from Stunnel are:
2012.06.13 01:06:09 LOG7[28347:47884616028640]: local socket: FD=14 allocated (non-blocking mode)
2012.06.13 01:06:09 LOG7[28347:47884616028640]: Service incoming-https accepted FD=14 from [ClientIP]:1208
2012.06.13 01:06:09 LOG7[28347:1078843712]: Service incoming-https started
2012.06.13 01:06:09 LOG7[28347:1078843712]: Option TCP_NODELAY set on local socket
2012.06.13 01:06:09 LOG7[28347:1078843712]: Waiting for a libwrap process
2012.06.13 01:06:09 LOG7[28347:1078843712]: Acquired libwrap process #0
2012.06.13 01:06:09 LOG7[28347:1078843712]: Releasing libwrap process #0
2012.06.13 01:06:09 LOG7[28347:1078843712]: Released libwrap process #0
2012.06.13 01:06:09 LOG7[28347:1078843712]: Service incoming-https permitted by libwrap from [ClientIP]:1208
2012.06.13 01:06:09 LOG5[28347:1078843712]: Service incoming-https accepted connection from [ClientIP]:1208
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): before/accept initialization
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 read client hello A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write server hello A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write certificate A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write server done A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 flush data
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 read client key exchange A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 read finished A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write change cipher spec A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 write finished A
2012.06.13 01:06:09 LOG7[28347:1078843712]: SSL state (accept): SSLv3 flush data
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 items in the session cache
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 client connects (SSL_connect())
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 client connects that finished
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 client renegotiations requested
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 server connects (SSL_accept())
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 server connects that finished
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 server renegotiations requested
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 session cache hits
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 external session cache hits
2012.06.13 01:06:09 LOG7[28347:1078843712]: 1 session cache misses
2012.06.13 01:06:09 LOG7[28347:1078843712]: 0 session cache timeouts
2012.06.13 01:06:09 LOG6[28347:1078843712]: SSL accepted: new session negotiated
2012.06.13 01:06:09 LOG6[28347:1078843712]: Negotiated ciphers: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
2012.06.13 01:06:09 LOG7[28347:1078843712]: remote socket: FD=15 allocated (non-blocking mode)
2012.06.13 01:06:09 LOG6[28347:1078843712]: connect_blocking: connecting [HAPROXY IP]:81
2012.06.13 01:06:09 LOG7[28347:1078843712]: connect_blocking: s_poll_wait [HAPROXY IP]:81: waiting 10 seconds
2012.06.13 01:06:09 LOG5[28347:1078843712]: connect_blocking: connected [HAPROXY IP]:81
2012.06.13 01:06:09 LOG5[28347:1078843712]: Service incoming-https connected remote server from [HAPROXY IP]:55823
2012.06.13 01:06:09 LOG7[28347:1078843712]: Remote FD=15 initialized
2012.06.13 01:06:09 LOG7[28347:1078843712]: Option TCP_NODELAY set on remote socket
2012.06.13 01:06:09 LOG5[28347:1078843712]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
2012.06.13 01:06:09 LOG5[28347:1078843712]: Connection reset: 0 bytes sent to SSL, 320 bytes sent to socket
2012.06.13 01:06:09 LOG7[28347:1078843712]: Service incoming-https finished (0 left)
2012.06.13 01:06:09 LOG7[28347:1078843712]: str_stats: 0 block(s), 0 data byte(s), 0 control byte(s)
Could stunnel be at play here or am I looking at the wrong thing?
Thanks!
Karl.
Karl Kloppenborg
Programming Ninja
Crucial Paradigm Pty Ltd
Suite 1 Level 3 104-106 Commonwealth St
Surry Hills NSW 2010
Australia
1300 884 839 - Sales & Support (AU Only)
https://support.crucialp.com/ Click here for the Support Desk
d: 02 8202 9994
f: 02 92818261
m: 0416 236 908
e: karl@crucial.com.au
Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions.
We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.
Description: crucial_2012
Karl Kloppenborg wrote:
I've got a bit of an issue in which users on ie6 cannot connect through HTTPs to my haproxy cluster, they get a 404 page cannot be displayed.
I guess there is some form of redirection...
BTW: The server returuning a 404 page for sure writes a nice error message into its error log. It is not stunnel, as stunnel doesn't know HTTP.
Mike
Thank you for that, I shall take a look into it!
--Karl.
Karl Kloppenborg Programming Ninja
Crucial Paradigm Pty Ltd Suite 1 Level 3 104-106 Commonwealth St Surry Hills NSW 2010 Australia
1300 884 839 - Sales & Support (AU Only) Click here for the Support Desk
d: 02 8202 9994 f: 02 92818261 m: 0416 236 908 e: karl@crucial.com.au
Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions. We are commited to keeping our planet green, please reduce, reuse and recycle your office paper.
-----Original Message----- From: stunnel-users-bounces@stunnel.org [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Michal Trojnara Sent: Thursday, 14 June 2012 7:29 PM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] Error connecting through IE6
Karl Kloppenborg wrote:
I've got a bit of an issue in which users on ie6 cannot connect through HTTPs to my haproxy cluster, they get a 404 page cannot be displayed.
I guess there is some form of redirection...
BTW: The server returuning a 404 page for sure writes a nice error message into its error log. It is not stunnel, as stunnel doesn't know HTTP.
Mike _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
-
Karl Kloppenborg -
Michal Trojnara