I've compiled stunnel for Windows CE 5.0 and 6.0, and am running it on an ARM device. It is being used in client mode to secure communications to various external servers with no problems. It is also being used to secure Windows CE's webserver.
All of the client mode connections are working flawlessly (thanks for the awesome work, by the way!). The webserver is working properly for all browsers except MSIE 11. Everything I've seen tells me that the problem is not really with stunnel or openssl, but with Internet Explorer. I've spent some time searching the mailing list archives and on Google, but haven't really found a solution to this, besides the obvious "well, don't use IE." I'd love to go with the answer, but some of our users are locked into IE, and let's just make it a given that the choice of browser can't be changed.
The browser connects, negotiates a connection, and then exchanges keys and certificates. Using the debug console in IE I see that it sends the initial "GET /". Then the browser sees the response header, but no "body" data. Again, I realize this isn't a specific stunnel issue, but I'm hoping someone on the list has seen a similar issue and found a resolution.
I've stripped stunnel.conf down to the very basics (some paths removed for clarity):
; Stunnel config for device
debug = 7
output = <path removed>stunnel.log
options = -NO_SSLv3
log = overwrite

;********* SERVICES ***********

[https-server]
client = no
accept = 443
connect = 127.0.0.1:9975
cert = <path removed>stunnel.pem
delay = yes
TIMEOUTbusy = 5
TIMEOUTclose = 0
TIMEOUTidle = 30
Stunnel log output. I do see the "Peer suddenly disconnected" messages, but again, I'm not sure why. The last two lines of the log are the "transfer() loop executes not transferring any data":
3916.06.12 08:21:19 LOG7[ui]: Service [https-server] accepted (FD=9) from 192.168.55.77:12377
3916.06.12 08:21:19 LOG7[ui]: Creating a new thread
3916.06.12 08:21:19 LOG7[ui]: New thread created
3916.06.12 08:21:19 LOG7[0]: Service [https-server] started
3916.06.12 08:21:19 LOG5[0]: Service [https-server] accepted connection from 192.168.55.77:12377
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): before/accept initialization
3916.06.12 08:21:19 LOG7[0]: SNI: no virtual services defined
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write certificate A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write key exchange A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write server done A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 read client certificate A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 read client key exchange A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 read certificate verify A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:20 LOG7[0]: New session callback
3916.06.12 08:21:20 LOG7[0]: 1 server accept(s) requested
3916.06.12 08:21:20 LOG7[0]: 1 server accept(s) succeeded
3916.06.12 08:21:20 LOG7[0]: 0 server renegotiation(s) requested
3916.06.12 08:21:20 LOG7[0]: 0 session reuse(s)
3916.06.12 08:21:20 LOG7[0]: 0 internal session cache item(s)
3916.06.12 08:21:20 LOG7[0]: 0 internal session cache fill-up(s)
3916.06.12 08:21:20 LOG7[0]: 0 internal session cache miss(es)
3916.06.12 08:21:20 LOG7[0]: 0 external session cache hit(s)
3916.06.12 08:21:20 LOG7[0]: 0 expired session(s) retrieved
3916.06.12 08:21:20 LOG6[0]: SSL accepted: new session negotiated
3916.06.12 08:21:20 LOG6[0]: No peer certificate received
3916.06.12 08:21:20 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption)
3916.06.12 08:21:20 LOG7[0]: Compression: null, expansion: null
3916.06.12 08:21:20 LOG6[0]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:20 LOG6[0]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:20 LOG6[0]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:20 LOG5[0]: Service [https-server] connected remote server from 127.0.0.1:49277
3916.06.12 08:21:20 LOG7[0]: Remote descriptor (FD=11) initialized
3916.06.12 08:21:20 LOG6[0]: SSL socket closed (SSL_read)
3916.06.12 08:21:20 LOG7[0]: Sent socket write shutdown
3916.06.12 08:21:20 LOG5[0]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
3916.06.12 08:21:20 LOG7[0]: Remote descriptor (FD=11) closed
3916.06.12 08:21:20 LOG7[0]: Local descriptor (FD=9) closed
3916.06.12 08:21:20 LOG7[0]: Service [https-server] finished (0 left)
3916.06.12 08:21:22 LOG7[ui]: Found 1 ready file descriptor(s)
3916.06.12 08:21:22 LOG7[ui]: FD=5 ifds=r-x ofds=---
3916.06.12 08:21:22 LOG7[ui]: Service [https-server] accepted (FD=13) from 192.168.55.77:30351
3916.06.12 08:21:22 LOG7[ui]: Creating a new thread
3916.06.12 08:21:22 LOG7[ui]: New thread created
3916.06.12 08:21:22 LOG7[1]: Service [https-server] started
3916.06.12 08:21:22 LOG5[1]: Service [https-server] accepted connection from 192.168.55.77:30351
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): before/accept initialization
3916.06.12 08:21:22 LOG7[1]: SNI: no virtual services defined
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:22 LOG7[1]: 2 server accept(s) requested
3916.06.12 08:21:22 LOG7[1]: 2 server accept(s) succeeded
3916.06.12 08:21:22 LOG7[1]: 0 server renegotiation(s) requested
3916.06.12 08:21:22 LOG7[1]: 1 session reuse(s)
3916.06.12 08:21:22 LOG7[1]: 1 internal session cache item(s)
3916.06.12 08:21:22 LOG7[1]: 0 internal session cache fill-up(s)
3916.06.12 08:21:22 LOG7[1]: 0 internal session cache miss(es)
3916.06.12 08:21:22 LOG7[1]: 0 external session cache hit(s)
3916.06.12 08:21:22 LOG7[1]: 0 expired session(s) retrieved
3916.06.12 08:21:22 LOG6[1]: SSL accepted: previous session reused
3916.06.12 08:21:22 LOG6[1]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[1]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[1]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:22 LOG5[1]: Service [https-server] connected remote server from 127.0.0.1:49278
3916.06.12 08:21:22 LOG7[1]: Remote descriptor (FD=15) initialized
3916.06.12 08:21:22 LOG6[1]: SSL socket closed (SSL_read)
3916.06.12 08:21:22 LOG7[1]: Sent socket write shutdown
3916.06.12 08:21:22 LOG5[1]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
3916.06.12 08:21:22 LOG7[1]: Remote descriptor (FD=15) closed
3916.06.12 08:21:22 LOG7[1]: Local descriptor (FD=13) closed
3916.06.12 08:21:22 LOG7[1]: Service [https-server] finished (0 left)
3916.06.12 08:21:22 LOG7[ui]: Found 1 ready file descriptor(s)
3916.06.12 08:21:22 LOG7[ui]: FD=5 ifds=r-x ofds=---
3916.06.12 08:21:22 LOG7[ui]: Service [https-server] accepted (FD=17) from 192.168.55.77:30352
3916.06.12 08:21:22 LOG7[ui]: Creating a new thread
3916.06.12 08:21:22 LOG7[ui]: New thread created
3916.06.12 08:21:22 LOG7[2]: Service [https-server] started
3916.06.12 08:21:22 LOG5[2]: Service [https-server] accepted connection from 192.168.55.77:30352
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): before/accept initialization
3916.06.12 08:21:22 LOG7[2]: SNI: no virtual services defined
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:22 LOG7[2]: 3 server accept(s) requested
3916.06.12 08:21:22 LOG7[2]: 3 server accept(s) succeeded
3916.06.12 08:21:22 LOG7[2]: 0 server renegotiation(s) requested
3916.06.12 08:21:22 LOG7[2]: 2 session reuse(s)
3916.06.12 08:21:22 LOG7[2]: 1 internal session cache item(s)
3916.06.12 08:21:22 LOG7[2]: 0 internal session cache fill-up(s)
3916.06.12 08:21:22 LOG7[2]: 0 internal session cache miss(es)
3916.06.12 08:21:22 LOG7[2]: 0 external session cache hit(s)
3916.06.12 08:21:22 LOG7[2]: 0 expired session(s) retrieved
3916.06.12 08:21:22 LOG6[2]: SSL accepted: previous session reused
3916.06.12 08:21:22 LOG6[2]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[2]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[2]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:22 LOG5[2]: Service [https-server] connected remote server from 127.0.0.1:49279
3916.06.12 08:21:22 LOG7[2]: Remote descriptor (FD=19) initialized
3916.06.12 08:21:22 LOG3[2]: SSL socket closed (SSL_read) with 10137 unsent byte(s)
3916.06.12 08:21:22 LOG5[2]: Connection reset: 239 byte(s) sent to SSL, 553 byte(s) sent to socket
3916.06.12 08:21:22 LOG7[2]: Remote descriptor (FD=19) closed
3916.06.12 08:21:22 LOG7[2]: Local descriptor (FD=17) closed
3916.06.12 08:21:22 LOG7[2]: Service [https-server] finished (0 left)
3916.06.12 08:21:23 LOG7[ui]: Found 1 ready file descriptor(s)
3916.06.12 08:21:23 LOG7[ui]: FD=5 ifds=r-x ofds=---
3916.06.12 08:21:23 LOG7[ui]: Service [https-server] accepted (FD=21) from 192.168.55.77:30353
3916.06.12 08:21:23 LOG7[ui]: Creating a new thread
3916.06.12 08:21:23 LOG7[ui]: New thread created
3916.06.12 08:21:23 LOG7[3]: Service [https-server] started
3916.06.12 08:21:23 LOG5[3]: Service [https-server] accepted connection from 192.168.55.77:30353
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): before/accept initialization
3916.06.12 08:21:23 LOG7[3]: SNI: no virtual services defined
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:23 LOG7[3]: 4 server accept(s) requested
3916.06.12 08:21:23 LOG7[3]: 4 server accept(s) succeeded
3916.06.12 08:21:23 LOG7[3]: 0 server renegotiation(s) requested
3916.06.12 08:21:23 LOG7[3]: 3 session reuse(s)
3916.06.12 08:21:23 LOG7[3]: 1 internal session cache item(s)
3916.06.12 08:21:23 LOG7[3]: 0 internal session cache fill-up(s)
3916.06.12 08:21:23 LOG7[3]: 0 internal session cache miss(es)
3916.06.12 08:21:23 LOG7[3]: 0 external session cache hit(s)
3916.06.12 08:21:23 LOG7[3]: 0 expired session(s) retrieved
3916.06.12 08:21:23 LOG6[3]: SSL accepted: previous session reused
3916.06.12 08:21:23 LOG6[3]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:23 LOG6[3]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:23 LOG6[3]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:23 LOG5[3]: Service [https-server] connected remote server from 127.0.0.1:49280
3916.06.12 08:21:23 LOG7[3]: Remote descriptor (FD=23) initialized
3916.06.12 08:21:23 LOG6[3]: Read socket closed (readsocket)
3916.06.12 08:21:23 LOG7[3]: Sending close_notify alert
3916.06.12 08:21:23 LOG7[3]: SSL alert (write): warning: close notify
3916.06.12 08:21:23 LOG6[3]: SSL_shutdown successfully sent close_notify alert
3916.06.12 08:21:23 LOG3[3]: transfer() loop executes not transferring any data
3916.06.12 08:21:23 LOG3[3]: please report the problem to Michal.Trojnara@mirt.net