I am trying to set up rsync over SSL with stunnel. I've got things working when I run stunnel standalone on both systems, but I have been unable to get things working when I run stunnel via xinetd on the server (haven't tried using xinetd on the client yet).
Here is the (standalone) server configuration that works:
cert = /etc/stunnel/rsyncs_cert.pem
key = /etc/stunnel/private/rsyncs_key.pem
client = no
pid = /var/run/stunnel.pid
RNDfile = /var/run/stunnel/random_seed
foreground = yes
debug = debug
;output = /var/run/stunnel/stunnel.log

[rsyncs]
accept = 2873
exec = /usr/bin/rsync
execargs = rsync --daemon
Here is the (non-working) server-side xinetd configuration:
# default: off
# description: rsync tunneled over SSL (stunnel)
service rsyncs
{
        disable         = no
        flags           = IPv4
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/stunnel
}
... and the (non-working) server-side stunnel configuration:
cert = /etc/stunnel/rsyncs_cert.pem
key = /etc/stunnel/private/rsyncs_key.pem
client = no
pid = /var/run/stunnel.pid
RNDfile = /var/run/stunnel/random_seed
foreground = yes
debug = debug
output = /var/run/stunnel/stunnel.log

exec = /usr/bin/rsync
execargs = rsync --daemon
Trying to connect to the non-working configuration with openssl s_client, I get:
CONNECTED(00000003)
write to 0x9b9e938 [0x9b9f068] (133 bytes => 133 (0x85))
0000 - 80 83 01 03 01 00 5a 00-00 00 20 00 00 39 00 00   ......Z... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-00 00 63 00 00 62 00 00   ..........c..b..
0040 - 15 00 00 12 00 00 09 06-00 40 00 00 65 00 00 64   .........@..e..d
0050 - 00 00 14 00 00 11 00 00-08 00 00 06 04 00 80 00   ................
0060 - 00 03 02 00 80 3e b4 89-34 c1 e6 93 97 2d 8d ca   .....>..4....-..
0070 - 90 e1 4c 51 e1 71 c7 54-ed 52 0c 6e 2e 47 90 9b   ..LQ.q.T.R.n.G..
0080 - 8e c6 73 3d d8                                    ..s=.
read from 0x9b9e938 [0x9ba45c8] (7 bytes => 7 (0x7))
0000 - 32 30 30 38 2e 30 33                              2008.03
18523:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
The server log shows:
2008.03.10 11:32:23 LOG5[18563:3086215456]: stunnel 4.20 on i386-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
2008.03.10 11:32:23 LOG5[18563:3086215456]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.03.10 11:32:23 LOG7[18563:3086215456]: stunnel started
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 0 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 1 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 4 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 5 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: Connection from 127.0.0.1:38481 permitted by libwrap
2008.03.10 11:32:23 LOG5[18563:3086215456]: stunnel accepted connection from 127.0.0.1:38481
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): before/accept initialization
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 read client hello A
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 write server hello A
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 write certificate A
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 write server done A
2008.03.10 11:32:23 LOG3[18563:3086215456]: SSL_accept: Peer suddenly disconnected
2008.03.10 11:32:23 LOG5[18563:3086215456]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.03.10 11:32:23 LOG7[18563:3086215456]: stunnel finished (0 left)
Anyone have any ideas?
Thanks!
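Editor's note, with an added diagnostic that is not part of the post above and not stunnel's or xinetd's own code. The seven bytes the client reads back (32 30 30 38 2e 30 33, i.e. "2008.03") are printable text, not a TLS record, and they match the first characters of the timestamp that prefixes every line of the stunnel log shown. That is consistent with log text being written onto the same file descriptors xinetd has attached to the socket, which is what one would expect to check first (in inetd mode stdin/stdout/stderr are the connection, and `foreground = yes` directs stunnel's log to stderr). Whether that is the cause here is an inference for the poster to confirm. The script below makes the symptom easy to spot without reading hex dumps: it sends a minimal TLS 1.0 ClientHello (no extensions, so an OpenSSL 0.9.8-era server accepts it) and classifies whatever comes back first as a TLS handshake record, a TLS alert, an SSLv2 record, plain text, or a closed connection. Host, port and the cipher-suite list are assumptions chosen for the example.

```python
"""Probe a TLS service's first reply bytes and classify them.

Added diagnostic, not code from the original post or from stunnel/xinetd.
It sends a bare TLS 1.0 ClientHello and reports whether the first bytes
the server sends back are a TLS record or something else, such as
printable text written to the socket by an inetd-spawned process.
"""
import os
import socket
import struct

# A few widely supported TLS 1.0 RSA cipher suites (assumed list; chosen only so
# an old server has something to pick): AES256-SHA, AES128-SHA, DES-CBC3-SHA,
# RC4-SHA, RC4-MD5.
CIPHER_SUITES = [0x0035, 0x002F, 0x000A, 0x0005, 0x0004]


def build_client_hello() -> bytes:
    """Return a TLS 1.0 ClientHello record (no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = (
        b"\x03\x01"                                   # client_version: TLS 1.0
        + os.urandom(32)                              # random
        + b"\x00"                                     # session_id: empty
        + struct.pack("!H", len(suites)) + suites     # cipher_suites
        + b"\x01\x00"                                 # compression_methods: null
    )
    # Handshake header: msg_type=1 (ClientHello), 24-bit length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content_type=22 (handshake), version TLS 1.0, 16-bit length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sent after our ClientHello."""
    if not data:
        return "closed"            # peer closed without sending anything
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-alert" if data[0] == 0x15 else "tls-handshake"
    if data[0] & 0x80:
        return "sslv2-record"      # SSLv2 record header has the high bit set
    if all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in data):
        return "plaintext"         # text on the socket, e.g. a log line
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> tuple:
    """Connect, send a ClientHello and return (classification, first bytes)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            data = sock.recv(64)
        except socket.timeout:
            return "timeout", b""
    return classify_reply(data), data


if __name__ == "__main__":
    import sys
    # Usage: python tlsprobe.py 127.0.0.1 2873   (host/port are assumptions)
    host, port = sys.argv[1], int(sys.argv[2])
    kind, head = probe(host, port)
    print("%s:%d -> %s: %r" % (host, port, kind, head[:32]))
```

Run it against the standalone and the xinetd-spawned service in turn: the working one should answer `tls-handshake` (a record starting 16 03), while a `plaintext` verdict whose bytes look like a timestamp points at log output reaching the socket rather than at a certificate or cipher problem.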