Hi
I have a strange issue with stunnel 5.09, which connects up to an F5 load balancer/SSL-offloading engine. In my config, I specify that the protocol must be TLSv1. From Linux, I can connect, but it does not work from Windows.
Linux log:
2015.02.10 15:58:29 LOG7[22779]: Service [rb20] accepted (FD=3) from 127.0.0.1:33247
2015.02.10 15:58:29 LOG7[22887]: Service [rb20] started
2015.02.10 15:58:29 LOG5[22887]: Service [rb20] accepted connection from 127.0.0.1:33247
2015.02.10 15:58:29 LOG6[22887]: s_connect: connecting A.B.C.D:443
2015.02.10 15:58:29 LOG7[22887]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 15:58:29 LOG5[22887]: s_connect: connected A.B.C.D:443
2015.02.10 15:58:29 LOG5[22887]: Service [rb20] connected remote server from 10.11.12.101:33477
2015.02.10 15:58:29 LOG7[22887]: Remote socket (FD=11) initialized
2015.02.10 15:58:29 LOG6[22887]: SNI: sending servername: host.domain.com
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): before/connect initialization
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write client hello A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read server hello A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read finished A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write change cipher spec A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write finished A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 flush data
2015.02.10 15:58:29 LOG7[22887]: 1 items in the session cache
2015.02.10 15:58:29 LOG7[22887]: 5 client connects (SSL_connect())
2015.02.10 15:58:29 LOG7[22887]: 5 client connects that finished
2015.02.10 15:58:29 LOG7[22887]: 0 client renegotiations requested
2015.02.10 15:58:29 LOG7[22887]: 0 server connects (SSL_accept())
2015.02.10 15:58:29 LOG7[22887]: 0 server connects that finished
2015.02.10 15:58:29 LOG7[22887]: 0 server renegotiations requested
2015.02.10 15:58:29 LOG7[22887]: 4 session cache hits
2015.02.10 15:58:29 LOG7[22887]: 0 external session cache hits
2015.02.10 15:58:29 LOG7[22887]: 0 session cache misses
2015.02.10 15:58:29 LOG7[22887]: 0 session cache timeouts
2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused
2015.02.10 15:58:29 LOG7[22779]: Service [rb20] accepted (FD=12) from 127.0.0.1:33249
2015.02.10 15:58:29 LOG6[22887]: Read socket closed (read hangup)
2015.02.10 15:58:29 LOG7[22887]: Sending close_notify alert
2015.02.10 15:58:29 LOG7[22887]: SSL alert (write): warning: close notify
2015.02.10 15:58:29 LOG6[22887]: SSL_shutdown successfully sent close_notify alert
2015.02.10 15:58:29 LOG7[22888]: Service [rb20] started
2015.02.10 15:58:29 LOG5[22888]: Service [rb20] accepted connection from 127.0.0.1:33249
2015.02.10 15:58:29 LOG6[22888]: s_connect: connecting A.B.C.D:443
2015.02.10 15:58:29 LOG7[22888]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 15:58:29 LOG5[22888]: s_connect: connected A.B.C.D:443
2015.02.10 15:58:29 LOG5[22888]: Service [rb20] connected remote server from 10.11.12.101:33479
2015.02.10 15:58:29 LOG7[22888]: Remote socket (FD=13) initialized
2015.02.10 15:58:29 LOG6[22888]: SNI: sending servername: ssl39.dmsave.com
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): before/connect initialization
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write client hello A
2015.02.10 15:58:29 LOG6[22887]: SSL socket closed (SSL_read)
2015.02.10 15:58:29 LOG7[22887]: Sent socket write shutdown
2015.02.10 15:58:29 LOG5[22887]: Connection closed: 136 byte(s) sent to SSL, 52 byte(s) sent to socket
2015.02.10 15:58:29 LOG7[22887]: Remote socket (FD=11) closed
2015.02.10 15:58:29 LOG7[22887]: Local socket (FD=3) closed
2015.02.10 15:58:29 LOG7[22887]: Service [rb20] finished (1 left)
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 read server hello A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 read finished A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write change cipher spec A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write finished A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 flush data
2015.02.10 15:58:29 LOG7[22888]: 1 items in the session cache
2015.02.10 15:58:29 LOG7[22888]: 6 client connects (SSL_connect())
2015.02.10 15:58:29 LOG7[22888]: 6 client connects that finished
2015.02.10 15:58:29 LOG7[22888]: 0 client renegotiations requested
2015.02.10 15:58:29 LOG7[22888]: 0 server connects (SSL_accept())
2015.02.10 15:58:29 LOG7[22888]: 0 server connects that finished
2015.02.10 15:58:29 LOG7[22888]: 0 server renegotiations requested
2015.02.10 15:58:29 LOG7[22888]: 5 session cache hits
2015.02.10 15:58:29 LOG7[22888]: 0 external session cache hits
2015.02.10 15:58:29 LOG7[22888]: 0 session cache misses
2015.02.10 15:58:29 LOG7[22888]: 0 session cache timeouts
2015.02.10 15:58:29 LOG6[22888]: SSL connected: previous session reused
Windows log:
2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1128) from 127.0.0.1:50353
2015.02.10 16:07:36 LOG7[9528]: Creating a new thread
2015.02.10 16:07:36 LOG7[9528]: New thread created
2015.02.10 16:07:36 LOG7[7056]: Service [rb20] started
2015.02.10 16:07:36 LOG5[7056]: Service [rb20] accepted connection from 127.0.0.1:50353
2015.02.10 16:07:36 LOG6[7056]: s_connect: connecting A.B.C.D:443
2015.02.10 16:07:36 LOG7[7056]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 16:07:36 LOG5[7056]: s_connect: connected A.B.C.D:443
2015.02.10 16:07:36 LOG5[7056]: Service [rb20] connected remote server from 192.168.225.103:50354
2015.02.10 16:07:36 LOG7[7056]: Remote socket (FD=1124) initialized
2015.02.10 16:07:36 LOG6[7056]: SNI: sending servername: host.domain.com
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): before/connect initialization
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server hello A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server certificate A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server done A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client key exchange A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write change cipher spec A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write finished A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 flush data
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read finished A
2015.02.10 16:07:36 LOG7[7056]: 1 items in the session cache
2015.02.10 16:07:36 LOG7[7056]: 1 client connects (SSL_connect())
2015.02.10 16:07:36 LOG7[7056]: 1 client connects that finished
2015.02.10 16:07:36 LOG7[7056]: 0 client renegotiations requested
2015.02.10 16:07:36 LOG7[7056]: 0 server connects (SSL_accept())
2015.02.10 16:07:36 LOG7[7056]: 0 server connects that finished
2015.02.10 16:07:36 LOG7[7056]: 0 server renegotiations requested
2015.02.10 16:07:36 LOG7[7056]: 0 session cache hits
2015.02.10 16:07:36 LOG7[7056]: 0 external session cache hits
2015.02.10 16:07:36 LOG7[7056]: 0 session cache misses
2015.02.10 16:07:36 LOG7[7056]: 0 session cache timeouts
2015.02.10 16:07:36 LOG7[7056]: Peer certificate was cached (1521 bytes)
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated
2015.02.10 16:07:36 LOG6[7056]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
2015.02.10 16:07:36 LOG7[7056]: Compression: null, expansion: null
2015.02.10 16:07:36 LOG6[7056]: Read socket closed (readsocket)
2015.02.10 16:07:36 LOG7[7056]: Sending close_notify alert
2015.02.10 16:07:36 LOG7[7056]: SSL alert (write): warning: close notify
2015.02.10 16:07:36 LOG6[7056]: SSL_shutdown successfully sent close_notify alert
2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1132) from 127.0.0.1:50355
2015.02.10 16:07:36 LOG7[9528]: Creating a new thread
2015.02.10 16:07:36 LOG7[9528]: New thread created
2015.02.10 16:07:36 LOG7[2164]: Service [rb20] started
2015.02.10 16:07:36 LOG5[2164]: Service [rb20] accepted connection from 127.0.0.1:50355
2015.02.10 16:07:36 LOG6[2164]: s_connect: connecting A.B.C.D:443
2015.02.10 16:07:36 LOG7[2164]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 16:07:36 LOG5[2164]: s_connect: connected A.B.C.D:443
2015.02.10 16:07:36 LOG5[2164]: Service [rb20] connected remote server from 192.168.225.103:50356
2015.02.10 16:07:36 LOG7[2164]: Remote socket (FD=1152) initialized
2015.02.10 16:07:36 LOG6[2164]: SNI: sending servername: host.domain.com
2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): before/connect initialization
2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG6[7056]: SSL socket closed (SSL_read)
2015.02.10 16:07:36 LOG7[7056]: Sent socket write shutdown
2015.02.10 16:07:36 LOG5[7056]: Connection closed: 89 byte(s) sent to SSL, 52 byte(s) sent to socket
2015.02.10 16:07:36 LOG7[7056]: Remote socket (FD=1124) closed
2015.02.10 16:07:36 LOG7[7056]: Local socket (FD=1128) closed
2015.02.10 16:07:36 LOG7[7056]: Service [rb20] finished (1 left)
The main difference I can see is that on Linux I get:
2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused
Whereas Windows gives me:
2015.02.10 16:07:36 LOG7[7056]: Peer certificate was cached (1521 bytes)
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated
Any idea why this happens? The final result is that connections are possible from Linux, but not Windows, and this is a problem for me...
Regards /Brian
On 10.02.2015 19:02, Brian Ipsen wrote:
2015.02.10 16:07:36 LOG7[7056]: 1 items in the session cache
2015.02.10 16:07:36 LOG7[7056]: 1 client connects (SSL_connect())
2015.02.10 16:07:36 LOG7[7056]: 1 client connects that finished
[cut]
Any idea why this happens? The final result is that connections are possible from Linux – but not Windows – and this is a problem for me…
This is the first connection ("1 client connects"), so there is no previously negotiated session to resume.
Mike
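Added example, not part of the thread or of stunnel itself: a small Python parser that groups stunnel debug-log lines by the id in brackets and reports, per connection, whether the handshake was full or resumed, using the counters referred to in the reply above. The sample lines are excerpted from the logs posted in the thread; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the Windows (7056) and Linux (22887) logs posted in the thread.
SAMPLE_LOG = """\
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server hello A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server certificate A
2015.02.10 16:07:36 LOG7[7056]: 1 client connects (SSL_connect())
2015.02.10 16:07:36 LOG7[7056]: 0 session cache hits
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated
2015.02.10 16:07:36 LOG6[7056]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read server hello A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read finished A
2015.02.10 15:58:29 LOG7[22887]: 5 client connects (SSL_connect())
2015.02.10 15:58:29 LOG7[22887]: 4 session cache hits
2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused
"""

# "<date> <time> LOG<level>[<process or thread id>]: <message>"
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+)\]: (.*)$")

def summarize(log_text):
    """Return {id: summary} for every connection id seen in a stunnel log."""
    out = defaultdict(lambda: {"states": [], "connects": None,
                               "cache_hits": None, "session": None, "cipher": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        s, msg = out[int(m.group(3))], m.group(4)
        if msg.startswith("SSL state (connect): "):
            s["states"].append(msg.split(": ", 1)[1])
        elif c := re.match(r"(\d+) client connects \(SSL_connect\(\)\)", msg):
            s["connects"] = int(c.group(1))      # handshakes started so far
        elif c := re.match(r"(\d+) session cache hits", msg):
            s["cache_hits"] = int(c.group(1))    # how many of them were resumed
        elif msg.startswith("SSL connected: "):
            s["session"] = "resumed" if "reused" in msg else "new"
        elif c := re.match(r"Negotiated (\S+) ciphersuite (\S+)", msg):
            s["cipher"] = (c.group(1), c.group(2))
    for s in out.values():
        # Only a full handshake carries the server certificate message;
        # a resumed one goes from server hello straight to finished.
        s["full_handshake"] = any("read server certificate" in st for st in s["states"])
    return dict(out)

if __name__ == "__main__":
    for conn_id, info in summarize(SAMPLE_LOG).items():
        print(conn_id, info["session"], info["connects"], info["cache_hits"], info["cipher"])
```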
Hi
But the configuration on the 2 clients is exactly the same... That is why I am wondering why it works on Linux, but not Windows...
Regards /Brian
________________________________________
From: stunnel-users [stunnel-users-bounces@stunnel.org] on behalf of Michal Trojnara [Michal.Trojnara@mirt.net]
Sent: 11 February 2015 17:34
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] TLSv1 - Linux vs Windows ?
On 10.02.2015 19:02, Brian Ipsen wrote:
2015.02.10 16:07:36 LOG7[7056]: 1 items in the session cache
2015.02.10 16:07:36 LOG7[7056]: 1 client connects (SSL_connect())
2015.02.10 16:07:36 LOG7[7056]: 1 client connects that finished
[cut]
Any idea why this happens? The final result is that connections are possible from Linux – but not Windows – and this is a problem for me…
This is the first connection ("1 client connects"), so there is no previously negotiated session to resume.
Mike