Hi, I am attempting to set up stunnel 5.67 on Windows Server 2022 Core. I believe I have enabled TLS 1.2.
Here is the output of stunnel starting up:
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2
[ ] No limit detected for the number of clients
[.] stunnel 5.67 on x64-pc-mingw32-gnu platform
[.] Compiled/running with OpenSSL 3.0.7 1 Nov 2022
[.] Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*_errno())
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2
[.] Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf
[.] UTF-8 byte order mark detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [Integration Profile 1]
[ ] stunnel default security level set: 2
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
[ ] TLS options: 0x2100000 (+0x0, -0x0)
[ ] Session resumption enabled
[ ] Loading certificate from file: art&music.pem
[!] error queue: ssl/ssl_rsa.c:448: error:0A080002:SSL routines::system lib
[!] error queue: crypto/bio/bss_file.c:300: error:10080002:BIO routines::system lib
[!] SSL_CTX_use_certificate_chain_file: crypto/bio/bss_file.c:297: error:80000002:system library::No such file or directory
[!] Service [Integration Profile 1]: Failed to initialize TLS context
[!] Configuration failed
[ ] Deallocating temporary section defaults
[ ] Deallocating section [Integration Profile 1]
Any suggestions on what is wrong?
Thanks, Paul
Hi there! I am facing the same issue. My server is Debian 11. I tried several setups, and all of them are working on different operating systems like Debian 9/10 & Ubuntu 18. I also tried to restart stunnel4 but I am still facing the same problem.
[ ] Clients allowed=500
[.] stunnel 5.56 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.1k 25 Mar 2021
[.] Running with OpenSSL 1.1.1n 15 Mar 2022
[.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [ssh]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate from file: /etc/stunnel/stunnel.pem
[ ] Certificate loaded from file: /etc/stunnel/stunnel.pem
[ ] Loading private key from file: /etc/stunnel/stunnel.pem
[ ] Private key loaded from file: /etc/stunnel/stunnel.pem
[ ] Private key check succeeded
[ ] DH initialization not needed
[ ] ECDH initialization
[ ] ECDH initialized with curves X25519:P-256:X448:P-521:P-384
[.] Configuration successful
[ ] Binding service [ssh]
[ ] Listening file descriptor created (FD=9)
[ ] Setting accept socket options (FD=9)
[ ] Option SO_REUSEADDR set on accept socket
[.] Binding service [ssh] to 0.0.0.0:443: Address already in use (98)
[ ] Listening file descriptor created (FD=9)
[ ] Setting accept socket options (FD=9)
[ ] Option SO_REUSEADDR set on accept socket
[.] Binding service [ssh] to :::443: Address already in use (98)
[!] Binding service [ssh] failed
[ ] Deallocating section defaults
[ ] Unbinding service [ssh]
[ ] Service [ssh] closed
[ ] Deallocating section [ssh]
When I restart stunnel4, this is the log:
LOG5[ui]: Compiled with OpenSSL 1.1.1k 25 Mar 2021
LOG5[ui]: Running with OpenSSL 1.1.1n 15 Mar 2022
LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
LOG5[ui]: UTF-8 byte order mark not detected
LOG5[ui]: FIPS mode disabled
LOG5[ui]: Configuration successful
LOG5[ui]: Binding service [ssh] to :::443: Address already in use (98)
Starting TLS tunnels: /etc/stunnel/stunnel.conf: started (no pid=pidfile specified!)
Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).
When a client tries to connect, this is what it shows:
LOG5[1]: Service [ssh] accepted connection from 112.206.147.228:45614
LOG5[1]: s_connect: connected 127.0.0.1:555
LOG5[1]: Service [ssh] connected remote server from 127.0.0.1:56980
LOG5[1]: Connection closed: 514 byte(s) sent to TLS, 115 byte(s) sent to socket
LOG3[0]: SSL_accept: Peer suddenly disconnected
LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
LOG5[2]: Service [ssh] accepted connection from 112.206.147.228:45616
LOG5[2]: s_connect: connected 127.0.0.1:555
LOG5[2]: Service [ssh] connected remote server from 127.0.0.1:56984
LOG5[2]: Connection closed: 514 byte(s) sent to TLS, 102 byte(s) sent to socket
On the client side the error message is "Cannot read full block, EOF reached."
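A startup preflight for the two failures these posts show, the certificate path that stunnel could not open ("No such file or directory") and the accept port that was already bound ("Address already in use (98)"). This is an added example, not code from either poster or from stunnel; the sample config is constructed, and it assumes relative cert paths should be resolved against whatever directory you pass as base_dir.

```python
import os
import socket

# Constructed sample stunnel.conf echoing both posts: one service with a
# relative certificate path, one accepting on port 443.
SAMPLE_CONF = """\
[Integration Profile 1]
accept = 127.0.0.1:8443
cert = art&music.pem
[ssh]
accept = 443
cert = /etc/stunnel/stunnel.pem
"""

def parse_stunnel_conf(text):
    """Return {service: {option: value}}; options before any [section] go under ''."""
    services, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' begins a comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            services[current] = {}
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            services[current][key] = value
    return services

def port_in_use(host, port):
    """True if host:port cannot be bound ('Address already in use (98)' in the Debian log)."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return True
    return False

def preflight(text, base_dir):
    """List what would stop stunnel at startup: missing cert files and busy accept ports."""
    problems = []
    for name, opts in parse_stunnel_conf(text).items():
        if "cert" in opts:
            # Assumption: relative paths resolve against base_dir; absolute paths win.
            path = os.path.join(base_dir, opts["cert"])
            if not os.path.isfile(path):
                problems.append(f"[{name}] cert file not found: {path}")
        if "accept" in opts:
            host, _, port = opts["accept"].rpartition(":")
            if port_in_use(host or "0.0.0.0", int(port)):
                problems.append(f"[{name}] accept port {port} already in use")
    return problems
```

Run `preflight(open("stunnel.conf").read(), "/etc/stunnel")` (or the Windows config folder) before starting the service; an empty list means neither of the two failures above will occur.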