When I use either of these two versions of stunnel the round-robin for "connect" only sends connections to the first host listed on the configuration file. However the round-robin works in Stunnel 4.56,4.55,4.54 and 4.53. Anyone else have this issue?
Thank you,
Pete Sangas
./stunnel -version
stunnel 5.00 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.1g 7 Apr 2014
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
Global options:
debug = daemon.notice
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
Config file :
CApath = /xxx/certs/trusted
CAfile = /yyy/cacert.pem
ciphers = RC4-SHA
debug = daemon.7
pid = /zzz/stunnel.pid
options = NO_SSLv2
foreground = yes
setgid = gid1
setuid = uid1
delay = no
fips=no
[stunnel]
TIMEOUTidle=86400
verify = 3
cert = /path/servercert.pem
accept = 443
failover=rr
connect = 10.1.1.50:23
connect = 10.1.1.60:23
On 2014-04-11 00:51, WNSDEV wrote:
When I use either of these two versions of stunnel the round-robin for “connect” only sends connections to the first host listed on the configuration file. However the round-robin works in Stunnel 4.56,4.55,4.54 and 4.53. Anyone else have this issue?
I was able to reproduce and fix this bug. Please test: https://www.stunnel.org/downloads/beta/stunnel-5.02b2.tar.gz
This regression issue was introduced while implementing the "redirect" option.
Mike
Hi Mike, This version of Stunnel -5.02b2 - has fixed the round-robin problem. Thanks for your fast reply, fix and for your work on Stunnel. Pete
-----Original Message----- From: Michal Trojnara [mailto:Michal.Trojnara@mirt.net] Sent: Sunday, April 13, 2014 12:21 PM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] Problem with round robin on stunnel 5.0 and 5.1
On 2014-04-11 00:51, WNSDEV wrote:
When I use either of these two versions of stunnel the round-robin for "connect" only sends connections to the first host listed on the configuration file. However the round-robin works in Stunnel 4.56,4.55,4.54 and 4.53. Anyone else have this issue?
I was able to reproduce and fix this bug. Please test: https://www.stunnel.org/downloads/beta/stunnel-5.02b2.tar.gz
This regression issue was introduced while implementing the "redirect" option.
Mike
-
Michal Trojnara -
WNSDEV