Hello,
I would like to find out if I can use STunnel as follows:
I have a stand alone C# executable program that uses a third party SDK that implements SMPP protocol and sends SMS text messages with wireless carriers. Recently, one of the wireless carriers wants us to implement SSL Client Authentication and wants SMPP messages that are exchanged with them to be encrypted after the client authentication is done.
I want to find out if I can use STunnel running so that STunnel can encrypt and decrypt the messages exchanged between my program and the carrier's SMS server.
(1) Is this possible with STunnel? (2) What are the steps involved?
I am on the Windows Server 2003 platform.
I would really appreciate a reply.
Thanks, Apu
Hello, Provided that you are using SMPP over TCP/IP (not over X25), yes you could use stunnel. Next you have to know what port(s) are involved at the server side (ie the "listening" socket(s)): apparently there are two flavors of smpp over tcp: one using two network connections, the other using only one ("tranceiver session").
Things will be more simple if you are using only one connection. If you are using two connections, and provided that ssl is required on both, just duplicate [smpp] section below as [smpp1] and [smpp2], of course changing the "accept" and "connect" ports.
Then you have to get a valid CLIENT certificate (crt file) and key file.
Stunnel.conf can then look like this : ;------ ; stunnel CLIENT conf
[smpps] client = yes
accept=127.0.0.1:CHOOSE A LOCAL LISTENING PORT ON THE CLIENT connect=SERVER_IP_ADDR:SERVER_LISTENING_PORT
cert=\localLocation\userXXXcert.crt key =\localLocation\userXXXcert.key
;often useful : sslVersion=all ;-----------
And of course you have to redirect your smpp client software to the "pseudo smpp over ssl" local server(s) on localhost, (cf "local listening port" above).
Hope this may help, Pierre Delaage
Le 10/09/2010 19:51, Pathak, Apurva (Apu) a écrit :
Hello, I would like to find out if I can use STunnel as follows: I have a stand alone C# executable program that uses a third party SDK that implements SMPP protocol and sends SMS text messages with wireless carriers. Recently, one of the wireless carriers wants us to implement SSL Client Authentication and wants SMPP messages that are exchanged with them to be encrypted after the client authentication is done. I want to find out if I can use STunnel running so that STunnel can encrypt and decrypt the messages exchanged between my program and the carrier's SMS server. (1) Is this possible with STunnel? (2) What are the steps involved? I am on the Windows Server 2003 platform. I would really appreciate a reply. Thanks, Apu
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Hi All,
I am having some issues running STunnel in Windows Service Mode.
I am running on Windows Server 2003, Service Pack 1.
stunnel 4.33
1. I was able to successfully install it as a service, as follows: Start > Programs > stunnel > Service Install 2. Stunnel Shows up as a Service in Windows Service 3. But when I try to start it either from the Windows Service area or the: Start > Programs > stunnel > Service start I get the following error, in a dialog box with an OK button:
stunnel 4.33 on win32 (stunnel)
StartService: error 1053: The service did not respond to the start or control request in a timely fashion.
1. I am able to actually Run stunnel, as: Start > Programs > stunnel > Run stunnel and do my SMPP work successfully! But of course, as soon as I log off the server, stunnel stops and my SMPP session is not encrypted and my Bind ends. So I really need the Windows Service mode to run urgently. I would really appreciate some help on what is going wrong, so that I can get run Stunnel in the Service mode
The stunnel.conf file is as follows: =================== cert = carrier.cer key = carrier.key
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log
; Service-level configuration
; IS ADDING SMPP AS SIMPLE AS ADDING IT HERE??? [ssmpp]
accept = 127.0.0.1:3005 connect = REMOTE_IP:9000
; Use it for client mode client = yes options = all
;often useful : sslVersion=all ;-----------
; vim:ft=dosini
================================= Regards, Apurva
________________________________ From: Pierre DELAAGE [mailto:delaage.pierre@free.fr] Sent: Saturday, September 11, 2010 3:25 PM To: Pathak, Apurva (Apu) Cc: stunnel-users@mirt.net Subject: Re: [stunnel-users] SMPP Protocol and STunnel Hello, Provided that you are using SMPP over TCP/IP (not over X25), yes you could use stunnel. Next you have to know what port(s) are involved at the server side (ie the "listening" socket(s)): apparently there are two flavors of smpp over tcp: one using two network connections, the other using only one ("tranceiver session").
Things will be more simple if you are using only one connection. If you are using two connections, and provided that ssl is required on both, just duplicate [smpp] section below as [smpp1] and [smpp2], of course changing the "accept" and "connect" ports.
Then you have to get a valid CLIENT certificate (crt file) and key file.
Stunnel.conf can then look like this : ;------ ; stunnel CLIENT conf
[smpps] client = yes
accept=127.0.0.1:CHOOSE A LOCAL LISTENING PORT ON THE CLIENT connect=SERVER_IP_ADDR:SERVER_LISTENING_PORT
cert=\localLocation\userXXXcert.crt key =\localLocation\userXXXcert.key
;often useful : sslVersion=all ;-----------
And of course you have to redirect your smpp client software to the "pseudo smpp over ssl" local server(s) on localhost, (cf "local listening port" above).
Hope this may help, Pierre Delaage
Le 10/09/2010 19:51, Pathak, Apurva (Apu) a écrit : Hello,
I would like to find out if I can use STunnel as follows:
I have a stand alone C# executable program that uses a third party SDK that implements SMPP protocol and sends SMS text messages with wireless carriers. Recently, one of the wireless carriers wants us to implement SSL Client Authentication and wants SMPP messages that are exchanged with them to be encrypted after the client authentication is done.
I want to find out if I can use STunnel running so that STunnel can encrypt and decrypt the messages exchanged between my program and the carrier's SMS server.
(1) Is this possible with STunnel? (2) What are the steps involved?
I am on the Windows Server 2003 platform.
I would really appreciate a reply.
Thanks, Apu
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.netmailto:stunnel-users@mirt.net
I forgot to mention one thing:
The private key, in the config file "carrier.key" needs a Pass phrase that I need to enter manually when I do "Run stunnel" which does not pop up when I try to run STunnnel in Windows Service mode. May be that is the problems - it's looking for the pass phrase and not able to start? Can I specify the passphrase some where in the config file?
Help would be appreciated.
Regards, Apurva ________________________________ From: Pathak, Apurva (Apu) Sent: Wednesday, October 20, 2010 11:01 AM To: stunnel-users@mirt.net Cc: 'Pierre DELAAGE'; Pathak, Apurva (Apu) Subject: Error Running STunnel in Windows Service Mode Hi All,
I am having some issues running STunnel in Windows Service Mode.
I am running on Windows Server 2003, Service Pack 1.
stunnel 4.33
1. I was able to successfully install it as a service, as follows: Start > Programs > stunnel > Service Install 2. Stunnel Shows up as a Service in Windows Service 3. But when I try to start it either from the Windows Service area or the: Start > Programs > stunnel > Service start I get the following error, in a dialog box with an OK button:
stunnel 4.33 on win32 (stunnel)
StartService: error 1053: The service did not respond to the start or control request in a timely fashion.
1. I am able to actually Run stunnel, as: Start > Programs > stunnel > Run stunnel and do my SMPP work successfully! But of course, as soon as I log off the server, stunnel stops and my SMPP session is not encrypted and my Bind ends. So I really need the Windows Service mode to run urgently. I would really appreciate some help on what is going wrong, so that I can get run Stunnel in the Service mode
The stunnel.conf file is as follows: =================== cert = carrier.cer key = carrier.key
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log
; Service-level configuration
; IS ADDING SMPP AS SIMPLE AS ADDING IT HERE??? [ssmpp]
accept = 127.0.0.1:3005 connect = REMOTE_IP:9000
; Use it for client mode client = yes options = all
;often useful : sslVersion=all ;-----------
; vim:ft=dosini
================================= Regards, Apurva
________________________________ From: Pierre DELAAGE [mailto:delaage.pierre@free.fr] Sent: Saturday, September 11, 2010 3:25 PM To: Pathak, Apurva (Apu) Cc: stunnel-users@mirt.net Subject: Re: [stunnel-users] SMPP Protocol and STunnel Hello, Provided that you are using SMPP over TCP/IP (not over X25), yes you could use stunnel. Next you have to know what port(s) are involved at the server side (ie the "listening" socket(s)): apparently there are two flavors of smpp over tcp: one using two network connections, the other using only one ("tranceiver session").
Things will be more simple if you are using only one connection. If you are using two connections, and provided that ssl is required on both, just duplicate [smpp] section below as [smpp1] and [smpp2], of course changing the "accept" and "connect" ports.
Then you have to get a valid CLIENT certificate (crt file) and key file.
Stunnel.conf can then look like this : ;------ ; stunnel CLIENT conf
[smpps] client = yes
accept=127.0.0.1:CHOOSE A LOCAL LISTENING PORT ON THE CLIENT connect=SERVER_IP_ADDR:SERVER_LISTENING_PORT
cert=\localLocation\userXXXcert.crt key =\localLocation\userXXXcert.key
;often useful : sslVersion=all ;-----------
And of course you have to redirect your smpp client software to the "pseudo smpp over ssl" local server(s) on localhost, (cf "local listening port" above).
Hope this may help, Pierre Delaage
Le 10/09/2010 19:51, Pathak, Apurva (Apu) a écrit : Hello,
I would like to find out if I can use STunnel as follows:
I have a stand alone C# executable program that uses a third party SDK that implements SMPP protocol and sends SMS text messages with wireless carriers. Recently, one of the wireless carriers wants us to implement SSL Client Authentication and wants SMPP messages that are exchanged with them to be encrypted after the client authentication is done.
I want to find out if I can use STunnel running so that STunnel can encrypt and decrypt the messages exchanged between my program and the carrier's SMS server.
(1) Is this possible with STunnel? (2) What are the steps involved?
I am on the Windows Server 2003 platform.
I would really appreciate a reply.
Thanks, Apu
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.netmailto:stunnel-users@mirt.net
Hi, In service mode, one has to remove the password protection from cert file. It is typical when ones want to automate ssl sessions. I think it is pointed out in some docs, but I do not remember where...
Pierre
Le 20/10/2010 22:13, Pathak, Apurva (Apu) a écrit :
I forgot to mention one thing:
The private key, in the config file "*carrier.key*" needs a Pass phrase that I need to enter manually when I do "Run stunnel" which does not pop up when I try to run STunnnel in Windows Service mode. May be that is the problems -- it's looking for the pass phrase and not able to start? Can I specify the passphrase some where in the config file?
Help would be appreciated.
Regards,
Apurva
*From:* Pathak, Apurva (Apu) *Sent:* Wednesday, October 20, 2010 11:01 AM *To:* stunnel-users@mirt.net *Cc:* 'Pierre DELAAGE'; Pathak, Apurva (Apu) *Subject:* Error Running STunnel in Windows Service Mode
Hi All,
I am having some issues running STunnel in Windows Service Mode.
*I am running on Windows Server 2003, Service Pack 1. *
*stunnel 4.33*
- I was able to successfully install it as a service, as follows: Start > Programs > stunnel > Service Install
- Stunnel Shows up as a Service in Windows Service
- But when I try to start it either from the Windows Service area or the: Start > Programs > stunnel > Service start I get the following error, in a dialog box with an OK button:
*stunnel 4.33 on win32 (stunnel)*
*StartService: error 1053: The service did not respond to the start or control request in a timely fashion.*
- I am able to actually Run stunnel, as: Start > Programs > stunnel > *Run stunnel* and do my SMPP work successfully! But of course, as soon as I log off the server, stunnel stops and my SMPP session is not encrypted and my Bind ends. So I really need the Windows Service mode to run urgently. I would really appreciate some help on what is going wrong, so that I can get run Stunnel in the Service mode
The stunnel.conf file is as follows:
===================
cert = carrier.cer
key = carrier.key
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log
; Service-level configuration
; IS ADDING SMPP AS SIMPLE AS ADDING IT HERE???
[ssmpp]
accept = 127.0.0.1:3005
connect = REMOTE_IP:9000
; Use it for client mode
client = yes
options = all
;often useful :
sslVersion=all
;-----------
; vim:ft=dosini
=================================
Regards,
Apurva
*From:* Pierre DELAAGE [mailto:delaage.pierre@free.fr] *Sent:* Saturday, September 11, 2010 3:25 PM *To:* Pathak, Apurva (Apu) *Cc:* stunnel-users@mirt.net *Subject:* Re: [stunnel-users] SMPP Protocol and STunnel
Hello, Provided that you are using SMPP over TCP/IP (not over X25), yes you could use stunnel. Next you have to know what port(s) are involved at the server side (ie the "listening" socket(s)): apparently there are two flavors of smpp over tcp: one using two network connections, the other using only one ("tranceiver session").
Things will be more simple if you are using only one connection. If you are using two connections, and provided that ssl is required on both, just duplicate [smpp] section below as [smpp1] and [smpp2], of course changing the "accept" and "connect" ports.
Then you have to get a valid CLIENT certificate (crt file) and key file.
Stunnel.conf can then look like this : ;------ ; stunnel CLIENT conf
[smpps] client = yes
accept=127.0.0.1:CHOOSE A LOCAL LISTENING PORT ON THE CLIENT connect=SERVER_IP_ADDR:SERVER_LISTENING_PORT
cert=\localLocation\userXXXcert.crt key =\localLocation\userXXXcert.key
;often useful : sslVersion=all ;-----------
And of course you have to redirect your smpp client software to the "pseudo smpp over ssl" local server(s) on localhost, (cf "local listening port" above).
Hope this may help, Pierre Delaage
Le 10/09/2010 19:51, Pathak, Apurva (Apu) a écrit :
Hello,
I would like to find out if I can use STunnel as follows:
I have a stand alone C# executable program that uses a third party SDK that implements SMPP protocol and sends SMS text messages with wireless carriers. Recently, one of the wireless carriers wants us to implement SSL Client Authentication and wants SMPP messages that are exchanged with them to be encrypted after the client authentication is done.
I want to find out if I can use STunnel running so that STunnel can encrypt and decrypt the messages exchanged between my program and the carrier's SMS server.
(1) Is this possible with STunnel?
(2) What are the steps involved?
I am on the Windows Server 2003 platform.
I would really appreciate a reply.
Thanks,
Apu
stunnel-users mailing list stunnel-users@mirt.net mailto:stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Here is slightly modified information:
When I do the following:
1. When I try to start Stunnel from: Start > Programs > stunnel > Service start I get the following error, in a dialog box with an OK button:
I do get the pop up to enter the pass-phrase for "carrier.key" (the stunnel.conf is below) - but I still get the following error:
stunnel 4.33 on win32 (stunnel)
StartService: error 1053: The service did not respond to the start or control request in a timely fashion.
And when I try to start the stunnel service directly from the Windows Service area, I do not get the pop-up to enter the pass-phrase for "carrier.key" (the stunnel.conf is below), but I do get the above error.
I would appreciate your help.
Regards, Apurva ________________________________ ________________________________ From: Pathak, Apurva (Apu) Sent: Wednesday, October 20, 2010 11:01 AM To: stunnel-users@mirt.net Cc: 'Pierre DELAAGE'; Pathak, Apurva (Apu) Subject: Error Running STunnel in Windows Service Mode Hi All,
I am having some issues running STunnel in Windows Service Mode.
I am running on Windows Server 2003, Service Pack 1.
stunnel 4.33
1. I was able to successfully install it as a service, as follows: Start > Programs > stunnel > Service Install 2. Stunnel Shows up as a Service in Windows Service 3. But when I try to start it either from the Windows Service area or the: Start > Programs > stunnel > Service start I get the following error, in a dialog box with an OK button:
stunnel 4.33 on win32 (stunnel)
StartService: error 1053: The service did not respond to the start or control request in a timely fashion.
1. I am able to actually Run stunnel, as: Start > Programs > stunnel > Run stunnel and do my SMPP work successfully! But of course, as soon as I log off the server, stunnel stops and my SMPP session is not encrypted and my Bind ends. So I really need the Windows Service mode to run urgently. I would really appreciate some help on what is going wrong, so that I can get run Stunnel in the Service mode
The stunnel.conf file is as follows: =================== cert = carrier.cer key = carrier.key
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log
; Service-level configuration
[ssmpp] accept = 127.0.0.1:3005 connect = REMOTE_IP:9000
; Use it for client mode client = yes options = all
;often useful : sslVersion=all ;-----------
; vim:ft=dosini
================================= Regards, Apurva
________________________________ From: Pierre DELAAGE [mailto:delaage.pierre@free.fr] Sent: Saturday, September 11, 2010 3:25 PM To: Pathak, Apurva (Apu) Cc: stunnel-users@mirt.net Subject: Re: [stunnel-users] SMPP Protocol and STunnel Hello, Provided that you are using SMPP over TCP/IP (not over X25), yes you could use stunnel. Next you have to know what port(s) are involved at the server side (ie the "listening" socket(s)): apparently there are two flavors of smpp over tcp: one using two network connections, the other using only one ("tranceiver session").
Things will be more simple if you are using only one connection. If you are using two connections, and provided that ssl is required on both, just duplicate [smpp] section below as [smpp1] and [smpp2], of course changing the "accept" and "connect" ports.
Then you have to get a valid CLIENT certificate (crt file) and key file.
Stunnel.conf can then look like this : ;------ ; stunnel CLIENT conf
[smpps] client = yes
accept=127.0.0.1:CHOOSE A LOCAL LISTENING PORT ON THE CLIENT connect=SERVER_IP_ADDR:SERVER_LISTENING_PORT
cert=\localLocation\userXXXcert.crt key =\localLocation\userXXXcert.key
;often useful : sslVersion=all ;-----------
And of course you have to redirect your smpp client software to the "pseudo smpp over ssl" local server(s) on localhost, (cf "local listening port" above).
Hope this may help, Pierre Delaage
Le 10/09/2010 19:51, Pathak, Apurva (Apu) a écrit : Hello,
I would like to find out if I can use STunnel as follows:
I have a stand alone C# executable program that uses a third party SDK that implements SMPP protocol and sends SMS text messages with wireless carriers. Recently, one of the wireless carriers wants us to implement SSL Client Authentication and wants SMPP messages that are exchanged with them to be encrypted after the client authentication is done.
I want to find out if I can use STunnel running so that STunnel can encrypt and decrypt the messages exchanged between my program and the carrier's SMS server.
(1) Is this possible with STunnel? (2) What are the steps involved?
I am on the Windows Server 2003 platform.
I would really appreciate a reply.
Thanks, Apu
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.netmailto:stunnel-users@mirt.net
Hello,
I am getting an error with using stunnel 4.34. I am running on Windows Server 2003. Unfortunately, this has cropped up only after we went to production, so there is no turning back now. Urgent help is needed.
Reporting queued error: faulting application stunnel.exe, version 0.0.0.0, faulting module libeay32.dll, version 1.0.0.1, fault address 0x0007331e.
I am using stunnel to encrypt SMPP (or SMS text messages).
The above error is occurring very frequently when I run stunnel in Windows Service mode. Once this happens and I go through the same two steps to re-establish binds with my wireless carrier (1) restart stunnel (2) restart my SMPP service. The following happens (1) Stunnel starts with: Option SO_REUSEADDR set on accept socket (2) I am not able to establish binds error in stunnel.log: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
When the above error is happening, the way to get things to work is to go: Start > Programs > stunnel > Start Service and things still work (Stunnel runs as me in user mode and not as "SYSTEM", stunnel does still start with Option SO_REUSEADDR set on accept socket but binds starts OK). Of course, as soon as I log off the server, everything stops so this of not much use, but this is working for some reason.
Complete stunnel.log:
2010.11.18 10:42:11 LOG5[5732:7408]: Reading configuration from file stunnel.conf 2010.11.18 10:42:11 LOG7[5732:7408]: PRNG seeded successfully 2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded 2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key 2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded 2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp1 2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded 2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key 2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded 2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp2 2010.11.18 10:42:11 LOG7[5732:7408]: Configuration SSL options: 0x80000FFF 2010.11.18 10:42:11 LOG7[5732:7408]: SSL options set: 0x80000FFF 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded 2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key 2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded 2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp3 2010.11.18 10:42:11 LOG5[5732:7408]: Configuration successful 2010.11.18 10:42:11 LOG5[5732:7408]: No limit detected for the number of clients 2010.11.18 10:42:11 LOG7[5732:7408]: FD=224 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224 2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228 2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244 2010.11.18 10:42:11 LOG5[5732:7408]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010 2010.11.18 10:42:11 LOG5[5732:7408]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=292 from 127.0.0.1:4214 2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:42:24 LOG7[5732:6160]: New thread created 2010.11.18 10:42:24 LOG7[5732:2140]: Service ssmpp1 started 2010.11.18 10:42:24 LOG7[5732:2140]: FD=292 in non-blocking mode 2010.11.18 10:42:24 LOG7[5732:2140]: Option TCP_NODELAY set on local socket 2010.11.18 10:42:24 LOG5[5732:2140]: Service ssmpp1 accepted connection from 127.0.0.1:4214 2010.11.18 10:42:24 LOG7[5732:2140]: SSL state (accept): before/accept initialization 2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=316 from 127.0.0.1:4215 2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:42:24 LOG7[5732:6904]: Service ssmpp1 started 2010.11.18 10:42:24 LOG7[5732:6160]: New thread created 2010.11.18 10:42:24 LOG7[5732:6904]: FD=316 in non-blocking mode 2010.11.18 10:42:24 LOG7[5732:6904]: Option TCP_NODELAY set on local socket 2010.11.18 10:42:24 LOG5[5732:6904]: Service ssmpp1 accepted connection from 127.0.0.1:4215 2010.11.18 10:42:24 LOG7[5732:6904]: SSL state (accept): before/accept initialization 2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=340 from 127.0.0.1:4216 2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:42:24 LOG7[5732:6160]: New thread created 2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 started 2010.11.18 10:42:24 LOG7[5732:5592]: FD=340 in non-blocking mode 2010.11.18 10:42:24 LOG7[5732:5592]: Option TCP_NODELAY set on local socket 2010.11.18 10:42:24 LOG5[5732:5592]: Service ssmpp1 accepted connection from 127.0.0.1:4216 2010.11.18 10:42:24 LOG7[5732:5592]: SSL state (accept): before/accept initialization 2010.11.18 10:42:24 LOG3[5732:5592]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:42:24 LOG5[5732:5592]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 finished (2 left) 2010.11.18 10:42:34 LOG3[5732:2140]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:42:34 LOG5[5732:2140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:42:34 LOG7[5732:2140]: Service ssmpp1 finished (1 left) 2010.11.18 10:42:44 LOG3[5732:6904]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:42:44 LOG5[5732:6904]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:42:44 LOG7[5732:6904]: Service ssmpp1 finished (0 left) 2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=332 from 127.0.0.1:4237 2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:43:04 LOG7[5732:6160]: New thread created 2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 started 2010.11.18 10:43:04 LOG7[5732:2256]: FD=332 in non-blocking mode 2010.11.18 10:43:04 LOG7[5732:2256]: Option TCP_NODELAY set on local socket 2010.11.18 10:43:04 LOG5[5732:2256]: Service ssmpp1 accepted connection from 127.0.0.1:4237 2010.11.18 10:43:04 LOG7[5732:2256]: SSL state (accept): before/accept initialization 2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=308 from 127.0.0.1:4238 2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:43:04 LOG7[5732:6160]: New thread created 2010.11.18 10:43:04 LOG7[5732:6544]: Service ssmpp1 started 2010.11.18 10:43:04 LOG7[5732:6544]: FD=308 in non-blocking mode 2010.11.18 10:43:04 LOG7[5732:6544]: Option TCP_NODELAY set on local socket 2010.11.18 10:43:04 LOG5[5732:6544]: Service ssmpp1 accepted connection from 127.0.0.1:4238 2010.11.18 10:43:04 LOG7[5732:6544]: SSL state (accept): before/accept initialization 2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=356 from 127.0.0.1:4239 2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:43:04 LOG7[5732:6160]: New thread created 2010.11.18 10:43:04 LOG7[5732:7256]: Service ssmpp1 started 2010.11.18 10:43:04 LOG7[5732:7256]: FD=356 in non-blocking mode 2010.11.18 10:43:04 LOG7[5732:7256]: Option TCP_NODELAY set on local socket 2010.11.18 10:43:04 LOG5[5732:7256]: Service ssmpp1 accepted connection from 127.0.0.1:4239 2010.11.18 10:43:04 LOG7[5732:7256]: SSL state (accept): before/accept initialization 2010.11.18 10:43:04 LOG3[5732:2256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:43:04 LOG5[5732:2256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 finished (2 left) 2010.11.18 10:43:09 LOG3[5732:7256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:43:09 LOG5[5732:7256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:43:09 LOG7[5732:7256]: Service ssmpp1 finished (1 left) 2010.11.18 10:43:12 LOG3[5732:6544]: SSL_accept: Peer suddenly disconnected 2010.11.18 10:43:12 LOG5[5732:6544]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:43:12 LOG7[5732:6544]: Service ssmpp1 finished (0 left)
Thanks, Apurva
Hi Apurva, For us to help, we need your stunnel.conf. Is this bug NEW ? was there a recent change either on client-side or server-side ?
Can you try with LAST (recent versions) of openssl (there are TWO ! 100b and 098p) ? ...
HMMMMMMMM: may I have understood something : in your stunnel.conf you seem to have bound MANY stunnel SERVICES to the SAME listening port 3005. This is what I consider an error ! service1 SHOULD listen on 3005, service2 on 3006 etc...
2010.11.18 10:42:11 LOG7[5732:7408]: *Service ssmpp1 bound to 127.0.0.1:3005*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224
2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: *Service ssmpp2 bound to 127.0.0.1:3005*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228
2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: *Service ssmpp3 bound to 127.0.0.1:3005*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244
Hope this helps (it should), Pierre
Le 19/11/2010 01:47, Pathak, Apurva (Apu) a écrit :
Hello,
*I am getting an error with using stunnel 4.34*. *I am running on Windows Server 2003. *Unfortunately, this has cropped up only after we went to production, so there is no turning back now. Urgent help is needed.
*Reporting queued error: faulting application stunnel.exe, version 0.0.0.0, faulting module libeay32.dll, version 1.0.0.1, fault address 0x0007331e.*
I am using stunnel to encrypt SMPP (or SMS text messages).
The above error is occurring very frequently when I run stunnel in Windows Service mode. *Once this happens* and I go through the same two steps to re-establish binds with my wireless carrier (1) restart stunnel (2) restart my SMPP service. The following happens (1) *Stunnel starts with: **Option SO_REUSEADDR set on accept socket* (2) I am not able to establish binds error in *stunnel.log*: *SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol*
When the above error is happening, the way to get things to work is to go: *Start > Programs > stunnel >* *Start Service *and things still work (Stunnel runs as me in user mode and not as "SYSTEM", stunnel does still start with *Option SO_REUSEADDR set on accept socket but binds starts OK*). Of course, as soon as I log off the server, everything stops so this of not much use, but this is working for some reason.
Complete stunnel.log:
2010.11.18 10:42:11 LOG5[5732:7408]: Reading configuration from file stunnel.conf
2010.11.18 10:42:11 LOG7[5732:7408]: PRNG seeded successfully
2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded
2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key
2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded
2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp1
2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded
2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key
2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded
2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp2
2010.11.18 10:42:11 LOG7[5732:7408]: Configuration SSL options: 0x80000FFF
2010.11.18 10:42:11 LOG7[5732:7408]: SSL options set: 0x80000FFF
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded
2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key
2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded
2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp3
2010.11.18 10:42:11 LOG5[5732:7408]: Configuration successful
2010.11.18 10:42:11 LOG5[5732:7408]: No limit detected for the number of clients
2010.11.18 10:42:11 LOG7[5732:7408]: FD=224 in non-blocking mode
*2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 bound to 127.0.0.1:3005
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224
2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 bound to 127.0.0.1:3005
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228
2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 bound to 127.0.0.1:3005
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244
2010.11.18 10:42:11 LOG5[5732:7408]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010
2010.11.18 10:42:11 LOG5[5732:7408]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=292 from 127.0.0.1:4214
2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:42:24 LOG7[5732:6160]: New thread created
2010.11.18 10:42:24 LOG7[5732:2140]: Service ssmpp1 started
2010.11.18 10:42:24 LOG7[5732:2140]: FD=292 in non-blocking mode
2010.11.18 10:42:24 LOG7[5732:2140]: Option TCP_NODELAY set on local socket
2010.11.18 10:42:24 LOG5[5732:2140]: Service ssmpp1 accepted connection from 127.0.0.1:4214
2010.11.18 10:42:24 LOG7[5732:2140]: SSL state (accept): before/accept initialization
2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=316 from 127.0.0.1:4215
2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:42:24 LOG7[5732:6904]: Service ssmpp1 started
2010.11.18 10:42:24 LOG7[5732:6160]: New thread created
2010.11.18 10:42:24 LOG7[5732:6904]: FD=316 in non-blocking mode
2010.11.18 10:42:24 LOG7[5732:6904]: Option TCP_NODELAY set on local socket
2010.11.18 10:42:24 LOG5[5732:6904]: Service ssmpp1 accepted connection from 127.0.0.1:4215
2010.11.18 10:42:24 LOG7[5732:6904]: SSL state (accept): before/accept initialization
2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=340 from 127.0.0.1:4216
2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:42:24 LOG7[5732:6160]: New thread created
2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 started
2010.11.18 10:42:24 LOG7[5732:5592]: FD=340 in non-blocking mode
2010.11.18 10:42:24 LOG7[5732:5592]: Option TCP_NODELAY set on local socket
2010.11.18 10:42:24 LOG5[5732:5592]: Service ssmpp1 accepted connection from 127.0.0.1:4216
2010.11.18 10:42:24 LOG7[5732:5592]: SSL state (accept): before/accept initialization
2010.11.18 10:42:24 LOG3[5732:5592]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:42:24 LOG5[5732:5592]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 finished (2 left)
2010.11.18 10:42:34 LOG3[5732:2140]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:42:34 LOG5[5732:2140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:42:34 LOG7[5732:2140]: Service ssmpp1 finished (1 left)
2010.11.18 10:42:44 LOG3[5732:6904]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:42:44 LOG5[5732:6904]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:42:44 LOG7[5732:6904]: Service ssmpp1 finished (0 left)
2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=332 from 127.0.0.1:4237
2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:43:04 LOG7[5732:6160]: New thread created
2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 started
2010.11.18 10:43:04 LOG7[5732:2256]: FD=332 in non-blocking mode
2010.11.18 10:43:04 LOG7[5732:2256]: Option TCP_NODELAY set on local socket
2010.11.18 10:43:04 LOG5[5732:2256]: Service ssmpp1 accepted connection from 127.0.0.1:4237
2010.11.18 10:43:04 LOG7[5732:2256]: SSL state (accept): before/accept initialization
2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=308 from 127.0.0.1:4238
2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:43:04 LOG7[5732:6160]: New thread created
2010.11.18 10:43:04 LOG7[5732:6544]: Service ssmpp1 started
2010.11.18 10:43:04 LOG7[5732:6544]: FD=308 in non-blocking mode
2010.11.18 10:43:04 LOG7[5732:6544]: Option TCP_NODELAY set on local socket
2010.11.18 10:43:04 LOG5[5732:6544]: Service ssmpp1 accepted connection from 127.0.0.1:4238
2010.11.18 10:43:04 LOG7[5732:6544]: SSL state (accept): before/accept initialization
2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=356 from 127.0.0.1:4239
2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:43:04 LOG7[5732:6160]: New thread created
2010.11.18 10:43:04 LOG7[5732:7256]: Service ssmpp1 started
2010.11.18 10:43:04 LOG7[5732:7256]: FD=356 in non-blocking mode
2010.11.18 10:43:04 LOG7[5732:7256]: Option TCP_NODELAY set on local socket
2010.11.18 10:43:04 LOG5[5732:7256]: Service ssmpp1 accepted connection from 127.0.0.1:4239
2010.11.18 10:43:04 LOG7[5732:7256]: SSL state (accept): before/accept initialization
2010.11.18 10:43:04 LOG3[5732:2256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:43:04 LOG5[5732:2256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 finished (2 left)
2010.11.18 10:43:09 LOG3[5732:7256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:43:09 LOG5[5732:7256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:43:09 LOG7[5732:7256]: Service ssmpp1 finished (1 left)
2010.11.18 10:43:12 LOG3[5732:6544]: SSL_accept: Peer suddenly disconnected
2010.11.18 10:43:12 LOG5[5732:6544]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:43:12 LOG7[5732:6544]: Service ssmpp1 finished (0 left)
Thanks,
Apurva
Hi Pierre,
You are right, I had the same ACCEPT port mentioned three times - something that worked for several hours and then caused problems - I guess the symptom was the error with libeay32.dll (I am hoping it was that and nothing else). Actually I needed it only once and then my ESME application could establish many connections to it.
Also, I disabled:
TCP_NODELAY options in my stunnel.conf as you suggested and also disabled sslVersion=all as suggested by the carrier.
Since making these changes, things have been stable so I am not getting a different version of the libeay32.dll 1.0.0.1 at this time.
;often useful : ;sslVersion=all ;-----------
Here is my example stunne.conf ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; Some options used here may not be adequate for your particular configuration
; Certificate/key is needed in server mode and optional in client mode ; The default certificate is provided only for testing and should not ; be used in a production environment
cert = carrier.cer key = carrier.key
; Some performance tunings ;socket = l:TCP_NODELAY=1 ;socket = r:TCP_NODELAY=1
; TURN THIS ON TO MAX ; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log
; Service-level configuration
; Have this only once and ESME application can establish several connections (as many as allowed by the ; carrier SMSC, that is) [ssmpp1] accept = 127.0.0.1:3003 connect = <DESTINATION_IP_REMOTE>:<DESTIONATION_PORT_REMOTE>
; Use it for client mode client = yes ; Suggested by client options = all
;Suggested by client to disable this ;often useful : ;sslVersion=all ;-----------
; vim:ft=dosini
Thanks a lot for your help! Apurva
________________________________ From: Pierre DELAAGE [mailto:delaage.pierre@free.fr] Sent: Thursday, November 18, 2010 11:36 PM To: Pathak, Apurva (Apu); stunnel-users@mirt.net Subject: Re: Error: faulting application stunnel.exe, version 0.0.0.0, faulting module libeay32.dll, version 1.0.0.1, fault address 0x0007331e. Hi Apurva, For us to help, we need your stunnel.conf. Is this bug NEW ? was there a recent change either on client-side or server-side ?
Can you try with LAST (recent versions) of openssl (there are TWO ! 100b and 098p) ? ...
HMMMMMMMM: may I have understood something : in your stunnel.conf you seem to have bound MANY stunnel SERVICES to the SAME listening port 3005. This is what I consider an error ! service1 SHOULD listen on 3005, service2 on 3006 etc... 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224 2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228 2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244
Hope this helps (it should), Pierre
Le 19/11/2010 01:47, Pathak, Apurva (Apu) a écrit : Hello, I am getting an error with using stunnel 4.34. I am running on Windows Server 2003. Unfortunately, this has cropped up only after we went to production, so there is no turning back now. Urgent help is needed. Reporting queued error: faulting application stunnel.exe, version 0.0.0.0, faulting module libeay32.dll, version 1.0.0.1, fault address 0x0007331e. I am using stunnel to encrypt SMPP (or SMS text messages). The above error is occurring very frequently when I run stunnel in Windows Service mode. Once this happens and I go through the same two steps to re-establish binds with my wireless carrier (1) restart stunnel (2) restart my SMPP service. The following happens (1) Stunnel starts with: Option SO_REUSEADDR set on accept socket (2) I am not able to establish binds error in stunnel.log: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol When the above error is happening, the way to get things to work is to go: Start > Programs > stunnel > Start Service and things still work (Stunnel runs as me in user mode and not as "SYSTEM", stunnel does still start with Option SO_REUSEADDR set on accept socket but binds starts OK). Of course, as soon as I log off the server, everything stops so this of not much use, but this is working for some reason. Complete stunnel.log: 2010.11.18 10:42:11 LOG5[5732:7408]: Reading configuration from file stunnel.conf 2010.11.18 10:42:11 LOG7[5732:7408]: PRNG seeded successfully 2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded 2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key 2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded 2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp1 2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded 2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key 2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded 2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp2 2010.11.18 10:42:11 LOG7[5732:7408]: Configuration SSL options: 0x80000FFF 2010.11.18 10:42:11 LOG7[5732:7408]: SSL options set: 0x80000FFF 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer 2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded 2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key 2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded 2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp3 2010.11.18 10:42:11 LOG5[5732:7408]: Configuration successful 2010.11.18 10:42:11 LOG5[5732:7408]: No limit detected for the number of clients 2010.11.18 10:42:11 LOG7[5732:7408]: FD=224 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224 2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228 2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode 2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 bound to 127.0.0.1:3005 2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244 2010.11.18 10:42:11 LOG5[5732:7408]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010 2010.11.18 10:42:11 LOG5[5732:7408]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=292 from 127.0.0.1:4214 2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:42:24 LOG7[5732:6160]: New thread created 2010.11.18 10:42:24 LOG7[5732:2140]: Service ssmpp1 started 2010.11.18 10:42:24 LOG7[5732:2140]: FD=292 in non-blocking mode 2010.11.18 10:42:24 LOG7[5732:2140]: Option TCP_NODELAY set on local socket 2010.11.18 10:42:24 LOG5[5732:2140]: Service ssmpp1 accepted connection from 127.0.0.1:4214 2010.11.18 10:42:24 LOG7[5732:2140]: SSL state (accept): before/accept initialization 2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=316 from 127.0.0.1:4215 2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:42:24 LOG7[5732:6904]: Service ssmpp1 started 2010.11.18 10:42:24 LOG7[5732:6160]: New thread created 2010.11.18 10:42:24 LOG7[5732:6904]: FD=316 in non-blocking mode 2010.11.18 10:42:24 LOG7[5732:6904]: Option TCP_NODELAY set on local socket 2010.11.18 10:42:24 LOG5[5732:6904]: Service ssmpp1 accepted connection from 127.0.0.1:4215 2010.11.18 10:42:24 LOG7[5732:6904]: SSL state (accept): before/accept initialization 2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=340 from 127.0.0.1:4216 2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:42:24 LOG7[5732:6160]: New thread created 2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 started 2010.11.18 10:42:24 LOG7[5732:5592]: FD=340 in non-blocking mode 2010.11.18 10:42:24 LOG7[5732:5592]: Option TCP_NODELAY set on local socket 2010.11.18 10:42:24 LOG5[5732:5592]: Service ssmpp1 accepted connection from 127.0.0.1:4216 2010.11.18 10:42:24 LOG7[5732:5592]: SSL state (accept): before/accept initialization 2010.11.18 10:42:24 LOG3[5732:5592]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:42:24 LOG5[5732:5592]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 finished (2 left) 2010.11.18 10:42:34 LOG3[5732:2140]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:42:34 LOG5[5732:2140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:42:34 LOG7[5732:2140]: Service ssmpp1 finished (1 left) 2010.11.18 10:42:44 LOG3[5732:6904]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:42:44 LOG5[5732:6904]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:42:44 LOG7[5732:6904]: Service ssmpp1 finished (0 left) 2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=332 from 127.0.0.1:4237 2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:43:04 LOG7[5732:6160]: New thread created 2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 started 2010.11.18 10:43:04 LOG7[5732:2256]: FD=332 in non-blocking mode 2010.11.18 10:43:04 LOG7[5732:2256]: Option TCP_NODELAY set on local socket 2010.11.18 10:43:04 LOG5[5732:2256]: Service ssmpp1 accepted connection from 127.0.0.1:4237 2010.11.18 10:43:04 LOG7[5732:2256]: SSL state (accept): before/accept initialization 2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=308 from 127.0.0.1:4238 2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:43:04 LOG7[5732:6160]: New thread created 2010.11.18 10:43:04 LOG7[5732:6544]: Service ssmpp1 started 2010.11.18 10:43:04 LOG7[5732:6544]: FD=308 in non-blocking mode 2010.11.18 10:43:04 LOG7[5732:6544]: Option TCP_NODELAY set on local socket 2010.11.18 10:43:04 LOG5[5732:6544]: Service ssmpp1 accepted connection from 127.0.0.1:4238 2010.11.18 10:43:04 LOG7[5732:6544]: SSL state (accept): before/accept initialization 2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=356 from 127.0.0.1:4239 2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread 2010.11.18 10:43:04 LOG7[5732:6160]: New thread created 2010.11.18 10:43:04 LOG7[5732:7256]: Service ssmpp1 started 2010.11.18 10:43:04 LOG7[5732:7256]: FD=356 in non-blocking mode 2010.11.18 10:43:04 LOG7[5732:7256]: Option TCP_NODELAY set on local socket 2010.11.18 10:43:04 LOG5[5732:7256]: Service ssmpp1 accepted connection from 127.0.0.1:4239 2010.11.18 10:43:04 LOG7[5732:7256]: SSL state (accept): before/accept initialization 2010.11.18 10:43:04 LOG3[5732:2256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:43:04 LOG5[5732:2256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 finished (2 left) 2010.11.18 10:43:09 LOG3[5732:7256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 2010.11.18 10:43:09 LOG5[5732:7256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:43:09 LOG7[5732:7256]: Service ssmpp1 finished (1 left) 2010.11.18 10:43:12 LOG3[5732:6544]: SSL_accept: Peer suddenly disconnected 2010.11.18 10:43:12 LOG5[5732:6544]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2010.11.18 10:43:12 LOG7[5732:6544]: Service ssmpp1 finished (0 left) Thanks, Apurva
Hi Apurva, Good news. Just to mention: SslVersion=all OFTEN SOLVES MANY PROBLEMS in various circumstances. So I would keep it... Just search for it in the mailing list and you will see...
This is just an advice...
Yours sincerely, Pierre
Le 21/11/2010 18:38, Pathak, Apurva (Apu) a écrit :
Hi Pierre,
You are right, I had the same ACCEPT port mentioned three times -- something that worked for several hours and then caused problems -- I guess the symptom was the error with libeay32.dll (I am hoping it was that and nothing else). Actually I needed it only once and then my ESME application could establish many connections to it.
Also, I disabled:
TCP_NODELAY options in my stunnel.conf as you suggested and also disabled *sslVersion=all* as suggested by the carrier.
Since making these changes, things have been stable so I am not getting a different version of the libeay32.dll 1.0.0.1 at this time.
;often useful :
;sslVersion=all
;-----------
*Here is my example stunne.conf*
*; Sample stunnel configuration file by Michal Trojnara 2002-2006*
*; Some options used here may not be adequate for your particular configuration*
*; Certificate/key is needed in server mode and optional in client mode*
*; The default certificate is provided only for testing and should not*
*; be used in a production environment*
*cert = carrier.cer*
*key = carrier.key*
*; Some performance tunings*
*;socket = l:TCP_NODELAY=1*
*;socket = r:TCP_NODELAY=1*
*; TURN THIS ON TO MAX*
*; Some debugging stuff useful for troubleshooting*
*debug = 7*
*output = stunnel.log*
*; Service-level configuration*
*; Have this only once and ESME application can establish several connections (as many as allowed by the*
*; carrier SMSC, that is)*
*[ssmpp1]*
*accept = 127.0.0.1:3003*
*connect = <DESTINATION_IP_REMOTE>:<DESTIONATION_PORT_REMOTE>*
*; Use it for client mode*
*client = yes*
*; Suggested by client*
*options = all*
*;Suggested by client to disable this*
*;often useful : *
*;sslVersion=all*
*;-----------*
*; vim:ft=dosini*
*Thanks a lot for your help!*
*Apurva*
*From:* Pierre DELAAGE [mailto:delaage.pierre@free.fr] *Sent:* Thursday, November 18, 2010 11:36 PM *To:* Pathak, Apurva (Apu); stunnel-users@mirt.net *Subject:* Re: Error: faulting application stunnel.exe, version 0.0.0.0, faulting module libeay32.dll, version 1.0.0.1, fault address 0x0007331e.
Hi Apurva, For us to help, we need your stunnel.conf. Is this bug NEW ? was there a recent change either on client-side or server-side ?
Can you try with LAST (recent versions) of openssl (there are TWO ! 100b and 098p) ? ...
HMMMMMMMM: may I have understood something : in your stunnel.conf you seem to have bound MANY stunnel SERVICES to the SAME listening port 3005. This is what I consider an error ! service1 SHOULD listen on 3005, service2 on 3006 etc...
2010.11.18 10:42:11 LOG7[5732:7408]: *Service ssmpp1 bound to 127.0.0.1:3005*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224
2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: *Service ssmpp2 bound to 127.0.0.1:3005*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228
2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: *Service ssmpp3 bound to 127.0.0.1:3005*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244
Hope this helps (it should), Pierre
Le 19/11/2010 01:47, Pathak, Apurva (Apu) a écrit :
Hello,
*I am getting an error with using stunnel 4.34*. *I am running on Windows Server 2003. *Unfortunately, this has cropped up only after we went to production, so there is no turning back now. Urgent help is needed.
*Reporting queued error: faulting application stunnel.exe, version 0.0.0.0, faulting module libeay32.dll, version 1.0.0.1, fault address 0x0007331e.*
I am using stunnel to encrypt SMPP (or SMS text messages).
The above error is occurring very frequently when I run stunnel in Windows Service mode. *Once this happens* and I go through the same two steps to re-establish binds with my wireless carrier (1) restart stunnel (2) restart my SMPP service. The following happens (1) *Stunnel starts with: **Option SO_REUSEADDR set on accept socket* (2) I am not able to establish binds error in *stunnel.log*: *SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol*
When the above error is happening, the way to get things to work is to go: *Start > Programs > stunnel >* *Start Service *and things still work (Stunnel runs as me in user mode and not as "SYSTEM", stunnel does still start with *Option SO_REUSEADDR set on accept socket but binds starts OK*). Of course, as soon as I log off the server, everything stops so this of not much use, but this is working for some reason.
Complete stunnel.log:
2010.11.18 10:42:11 LOG5[5732:7408]: Reading configuration from file stunnel.conf
2010.11.18 10:42:11 LOG7[5732:7408]: PRNG seeded successfully
2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded
2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key
2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded
2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp1
2010.11.18 10:42:11 LOG6[5732:7408]: Could not load DH parameters from carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: ECDH initialized
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded
2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key
2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded
2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp2
2010.11.18 10:42:11 LOG7[5732:7408]: Configuration SSL options: 0x80000FFF
2010.11.18 10:42:11 LOG7[5732:7408]: SSL options set: 0x80000FFF
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate: carrier.cer
2010.11.18 10:42:11 LOG7[5732:7408]: Certificate loaded
2010.11.18 10:42:11 LOG7[5732:7408]: Key file: carriernew.key
2010.11.18 10:42:11 LOG7[5732:7408]: Private key loaded
2010.11.18 10:42:11 LOG7[5732:7408]: SSL context initialized for service ssmpp3
2010.11.18 10:42:11 LOG5[5732:7408]: Configuration successful
2010.11.18 10:42:11 LOG5[5732:7408]: No limit detected for the number of clients
2010.11.18 10:42:11 LOG7[5732:7408]: FD=224 in non-blocking mode
*2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket*
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 bound to 127.0.0.1:3005
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp1 opened FD=224
2010.11.18 10:42:11 LOG7[5732:7408]: FD=228 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 bound to 127.0.0.1:3005
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp2 opened FD=228
2010.11.18 10:42:11 LOG7[5732:7408]: FD=244 in non-blocking mode
2010.11.18 10:42:11 LOG7[5732:7408]: Option SO_REUSEADDR set on accept socket
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 bound to 127.0.0.1:3005
2010.11.18 10:42:11 LOG7[5732:7408]: Service ssmpp3 opened FD=244
2010.11.18 10:42:11 LOG5[5732:7408]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010
2010.11.18 10:42:11 LOG5[5732:7408]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=292 from 127.0.0.1:4214
2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:42:24 LOG7[5732:6160]: New thread created
2010.11.18 10:42:24 LOG7[5732:2140]: Service ssmpp1 started
2010.11.18 10:42:24 LOG7[5732:2140]: FD=292 in non-blocking mode
2010.11.18 10:42:24 LOG7[5732:2140]: Option TCP_NODELAY set on local socket
2010.11.18 10:42:24 LOG5[5732:2140]: Service ssmpp1 accepted connection from 127.0.0.1:4214
2010.11.18 10:42:24 LOG7[5732:2140]: SSL state (accept): before/accept initialization
2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=316 from 127.0.0.1:4215
2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:42:24 LOG7[5732:6904]: Service ssmpp1 started
2010.11.18 10:42:24 LOG7[5732:6160]: New thread created
2010.11.18 10:42:24 LOG7[5732:6904]: FD=316 in non-blocking mode
2010.11.18 10:42:24 LOG7[5732:6904]: Option TCP_NODELAY set on local socket
2010.11.18 10:42:24 LOG5[5732:6904]: Service ssmpp1 accepted connection from 127.0.0.1:4215
2010.11.18 10:42:24 LOG7[5732:6904]: SSL state (accept): before/accept initialization
2010.11.18 10:42:24 LOG7[5732:6160]: Service ssmpp1 accepted FD=340 from 127.0.0.1:4216
2010.11.18 10:42:24 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:42:24 LOG7[5732:6160]: New thread created
2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 started
2010.11.18 10:42:24 LOG7[5732:5592]: FD=340 in non-blocking mode
2010.11.18 10:42:24 LOG7[5732:5592]: Option TCP_NODELAY set on local socket
2010.11.18 10:42:24 LOG5[5732:5592]: Service ssmpp1 accepted connection from 127.0.0.1:4216
2010.11.18 10:42:24 LOG7[5732:5592]: SSL state (accept): before/accept initialization
2010.11.18 10:42:24 LOG3[5732:5592]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:42:24 LOG5[5732:5592]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:42:24 LOG7[5732:5592]: Service ssmpp1 finished (2 left)
2010.11.18 10:42:34 LOG3[5732:2140]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:42:34 LOG5[5732:2140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:42:34 LOG7[5732:2140]: Service ssmpp1 finished (1 left)
2010.11.18 10:42:44 LOG3[5732:6904]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:42:44 LOG5[5732:6904]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:42:44 LOG7[5732:6904]: Service ssmpp1 finished (0 left)
2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=332 from 127.0.0.1:4237
2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:43:04 LOG7[5732:6160]: New thread created
2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 started
2010.11.18 10:43:04 LOG7[5732:2256]: FD=332 in non-blocking mode
2010.11.18 10:43:04 LOG7[5732:2256]: Option TCP_NODELAY set on local socket
2010.11.18 10:43:04 LOG5[5732:2256]: Service ssmpp1 accepted connection from 127.0.0.1:4237
2010.11.18 10:43:04 LOG7[5732:2256]: SSL state (accept): before/accept initialization
2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=308 from 127.0.0.1:4238
2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:43:04 LOG7[5732:6160]: New thread created
2010.11.18 10:43:04 LOG7[5732:6544]: Service ssmpp1 started
2010.11.18 10:43:04 LOG7[5732:6544]: FD=308 in non-blocking mode
2010.11.18 10:43:04 LOG7[5732:6544]: Option TCP_NODELAY set on local socket
2010.11.18 10:43:04 LOG5[5732:6544]: Service ssmpp1 accepted connection from 127.0.0.1:4238
2010.11.18 10:43:04 LOG7[5732:6544]: SSL state (accept): before/accept initialization
2010.11.18 10:43:04 LOG7[5732:6160]: Service ssmpp1 accepted FD=356 from 127.0.0.1:4239
2010.11.18 10:43:04 LOG7[5732:6160]: Creating a new thread
2010.11.18 10:43:04 LOG7[5732:6160]: New thread created
2010.11.18 10:43:04 LOG7[5732:7256]: Service ssmpp1 started
2010.11.18 10:43:04 LOG7[5732:7256]: FD=356 in non-blocking mode
2010.11.18 10:43:04 LOG7[5732:7256]: Option TCP_NODELAY set on local socket
2010.11.18 10:43:04 LOG5[5732:7256]: Service ssmpp1 accepted connection from 127.0.0.1:4239
2010.11.18 10:43:04 LOG7[5732:7256]: SSL state (accept): before/accept initialization
2010.11.18 10:43:04 LOG3[5732:2256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:43:04 LOG5[5732:2256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:43:04 LOG7[5732:2256]: Service ssmpp1 finished (2 left)
2010.11.18 10:43:09 LOG3[5732:7256]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010.11.18 10:43:09 LOG5[5732:7256]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:43:09 LOG7[5732:7256]: Service ssmpp1 finished (1 left)
2010.11.18 10:43:12 LOG3[5732:6544]: SSL_accept: Peer suddenly disconnected
2010.11.18 10:43:12 LOG5[5732:6544]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.11.18 10:43:12 LOG7[5732:6544]: Service ssmpp1 finished (0 left)
Thanks,
Apurva
Pierre DELAAGE wrote:
Just to mention: SslVersion=all OFTEN SOLVES MANY PROBLEMS in various circumstances.
As a professional penetration tester I fully agree that enabling SSLv2 solves many problems. At least for me it really does: http://osvdb.org/56387
Mike
I meant interoperabilty problems, when machines do not even succeed in establishing a dialog, ...not "security problems"...
Pierre
Le 22/11/2010 15:17, Michal Trojnara a écrit :
Pierre DELAAGE wrote:
Just to mention: SslVersion=all OFTEN SOLVES MANY PROBLEMS in various circumstances.
As a professional penetration tester I fully agree that enabling SSLv2 solves many problems. At least for me it really does: http://osvdb.org/56387
Mike _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Pierre DELAAGE delaage.pierre@free.fr wrote:
Just to mention: SslVersion=all OFTEN SOLVES MANY PROBLEMS in various circumstances.
As a professional penetration tester I fully agree that enabling SSLv2 solves many problems. At least for me it really does: http://osvdb.org/56387
I meant interoperabilty problems, when machines do not even succeed in establishing a dialog, ...not "security problems"...
I also meant solving interoperability problems. Interoperability with my MITM exploits to be more precise. Security is just the usual price to be paid for maxing out the interoperability.
Mike
-
Michal Trojnara -
Pathak, Apurva (Apu) -
Pierre DELAAGE