For the benefit of the group, I thought I'd share some experiences I had when attempting to get Stunnel to run under Windows 7 SP1 64-bit.
I initially installed Stunnel version 4.53 to the default location, which in Windows 7 64-bit is:
C:\Program Files (x86)\stunnel\
I installed the service from the start menu option, then rebooted my machine.
I have administrator rights, and User Account Control is disabled. My observations included the following:
1. The Stunnel status window displayed only configuration loads. No output from any active connection was ever displayed, despite the fact that Stunnel was passing traffic to/from SSL-enabled servers.
2. Stunnel would not write to the log file. The error message indicated that Stunnel was unable to open stunnel.log. Initially, I thought this might be a factor in the lack of status window connection output, so I commented the log statement out to eliminate it. I then reloaded the configuration. The issue of not seeing any connection info was unaffected.
3. The notification area icon would not appear on Stunnel service load. It would mysteriously appear, then disappear, at seemingly random times.
4. Once the service was installed, it was not possible to stop it or uninstall it from the provided start menu shortcuts. Whenever I attempted to do so, the Stunnel status window would appear. However, I was able to perform these actions successfully by opening a command prompt, then issuing the commands from there.
In an effort to unravel these issues, I tried the following workarounds:
1. I re-installed stunnel to a non-system controlled directory. In my case, it was C:\Apps\stunnel.
2. I attempted to run stunnel in compatibility mode, set for Windows XP SP3.
3. I tried installing 2 previous versions of Stunnel.
All combinations produced exactly the same undesired result.
Finally, I stopped and uninstalled the service. Instead of using that method, I created a shortcut to stunnel.exe, and placed it in the start menu's startup folder, then rebooted.
Stunnel started at boot time, and all of the above issues were resolved.
As such, it seems like Stunnel just doesn't like to be run as a service on a Windows 7 64-bit machine; at least not on the one I own.
If you're encountering any stability issues with the Stunnel service in the Windows 7 64-bit environment, try my method. It works.
I'd like to extend a special thank you to Carter Browne, who provided valuable input throughout the course of my testing.
Regards,
Thomas
In my previous post, I neglected to include a relevant snippet from my stunnel.conf file.
Here it is:
debug = 6
fips = no
delay = yes
output = stunnel.log

[nntps.1]
client = yes
options = NO_SSLv2
sslVersion = TLSv1
ciphers = DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
cafile = peer-nntps.1.pem
verify = 4
accept = 127.0.0.1:119
connect = xxx.xxx.xxx.xxx:563
On 4/28/2012 4:38 PM, Thomas Eifert wrote:
For the benefit of the group, I thought I'd share some experiences I had when attempting to get Stunnel to run under Windows 7 SP1 64-bit.
I initially installed Stunnel version 4.53 to the default location, which in Windows 7 64-bit is:
C:\Program Files (x86)\stunnel\
I installed the service from the start menu option, then rebooted my machine.
I have administrator rights, and User Account Control is disabled. My observations included the following:
- The Stunnel status window displayed only configuration loads. No output from any active connection was ever displayed, despite the fact that Stunnel was passing traffic to/from SSL-enabled servers.
- Stunnel would not write to the log file. The error message indicated that Stunnel was unable to open stunnel.log. Initially, I thought this might be a factor in the lack of status window connection output, so I commented the log statement out to eliminate it. I then reloaded the configuration. The issue of not seeing any connection info was unaffected.
- The notification area icon would not appear on Stunnel service load. It would mysteriously appear, then disappear, at seemingly random times.
- Once the service was installed, it was not possible to stop it or uninstall it from the provided start menu shortcuts. Whenever I attempted to do so, the Stunnel status window would appear. However, I was able to perform these actions successfully by opening a command prompt, then issuing the commands from there.
In an effort to unravel these issues, I tried the following workarounds:
- I re-installed stunnel to a non-system controlled directory. In my case, it was C:\Apps\stunnel.
- I attempted to run stunnel in compatibility mode, set for Windows XP SP3.
- I tried installing 2 previous versions of Stunnel.
All combinations produced exactly the same undesired result.
Finally, I stopped and uninstalled the service. Instead of using that method, I created a shortcut to stunnel.exe, and placed it in the start menu's startup folder, then rebooted.
Stunnel started at boot time, and all of the above issues were resolved.
As such, it seems like Stunnel just doesn't like to be run as a service on a Windows 7 64-bit machine; at least not on the one I own.
If you're encountering any stability issues with the Stunnel service in the Windows 7 64-bit environment, try my method. It works.
I'd like to extend a special thank you to Carter Browne, who provided valuable input throughout the course of my testing.
Regards,
Thomas
Thomas Eifert wrote:
For the benefit of the group, I thought I'd share some experiences I had when attempting to get Stunnel to run under Windows 7 SP1 64-bit.
Thank you for your feedback. The sad truth is that the Windows version of stunnel is mostly tested under Windows XP. Maybe some day I will have more time (or a sponsor) to configure a Windows 7 testing platform and fix the issues you reported...
- The Stunnel status window displayed only configuration loads. No output from any active connection was ever displayed, despite the fact that Stunnel was passing traffic to/from SSL-enabled servers.
I guess you might have more than one stunnel server started.
- Stunnel would not write to the log file. The error message indicated that Stunnel was unable to open stunnel.log. Initially, I thought this might be a factor in the lack of status window connection output, so I commented the log statement out to eliminate it. I then reloaded the configuration. The issue of not seeing any connection info was unaffected.
It's likely the same problem. Default file operation semantics on Windows is to disallow more than one process opening the same file.
- The notification area icon would not appear on Stunnel service load. It would mysteriously appear, then disappear, at seemingly random times.
A Windows service should not display a taskbar icon, to prevent local privilege escalation: http://en.wikipedia.org/wiki/Shatter_attack
Solving it would require major reengineering of the Windows GUI: http://www.stunnel.org/?page=sdf_todo
- Once the service was installed, it was not possible to stop it or uninstall it from the provided start menu shortcuts. Whenever I attempted to do so, the Stunnel status window would appear. However, I was able to perform these actions successfully by opening a command prompt, then issuing the commands from there.
This definitely needs more testing...
Mike
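
The two guesses in the reply above (more than one stunnel instance running, and stunnel.log being held open by another process) can be checked from a PowerShell prompt. The script below is an added example, not part of the original thread or of stunnel itself; the log path is an assumption based on the install directory named in the first post.

```powershell
# Added diagnostic sketch for the symptoms discussed in this thread.
# ASSUMPTION: $LogPath points at the stunnel.log next to your stunnel.conf.
$LogPath = 'C:\Program Files (x86)\stunnel\stunnel.log'

# 1. List every running stunnel process together with its session.
#    Since Windows Vista, services run in session 0; a copy started from
#    the Start menu runs in the logged-on user's session (1 or higher).
#    A service instance plus a GUI instance means two processes sharing
#    one configuration and one log file.
$procs = @(Get-WmiObject Win32_Process -Filter "Name = 'stunnel.exe'")
$procs | Select-Object ProcessId, SessionId, ExecutablePath, CommandLine |
    Format-List
if ($procs.Count -gt 1) {
    Write-Warning "$($procs.Count) stunnel processes are running."
}

# 2. Show whether a stunnel service is installed and what state it is in.
Get-Service -Name 'stunnel*' | Select-Object Name, Status

# 3. Try to open the log for writing while allowing no sharing at all.
#    This fails with a sharing violation if any other process holds the
#    file open, and with an access-denied error if the directory is not
#    writable by the current user. Note that Append mode creates the file
#    if it does not exist yet.
try {
    $fs = [System.IO.File]::Open($LogPath, 'Append', 'Write', 'None')
    $fs.Close()
    "Log file could be opened exclusively: $LogPath"
} catch {
    Write-Warning "Cannot open ${LogPath}: $($_.Exception.Message)"
}
```

If step 1 shows one process in session 0 and another in a user session, stop one of them before judging the log-file and status-window behaviour.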