First time user of Stunnel and I just wanted to check what I'm doing wrong.
I have two processes running: a TCP Listener that listens on port 13000 and a TCP client that sends it a message.
I'm running Stunnel on Windows 10 with the following config:
[myapp] client = yes accept = 13001 connect = 13000 cert = stunnel.pem TIMEOUTclose=0
I updated the TCP client to send the message to port 13001 but when I check Wireshark I can still see the contents of the message in plaintext. Shouldn't I no longer be able to see the unencrypted contents of this message?
Here are the relevant logs:
2021.01.27 20:57:26 LOG7[main]: Found 1 ready file descriptor(s) 2021.01.27 20:57:26 LOG7[main]: FD=588 ifds=r-x ofds=r-- 2021.01.27 20:57:26 LOG7[main]: FD=596 ifds=r-x ofds=--- 2021.01.27 20:57:26 LOG7[main]: Service [myapp] accepted (FD=924) from 127.0.0.1:9322 2021.01.27 20:57:26 LOG7[main]: Creating a new thread 2021.01.27 20:57:26 LOG7[main]: New thread created 2021.01.27 20:57:26 LOG7[2]: Service [myapp] started 2021.01.27 20:57:26 LOG7[2]: Setting local socket options (FD=924) 2021.01.27 20:57:26 LOG7[2]: Option TCP_NODELAY set on local socket 2021.01.27 20:57:26 LOG5[2]: Service [myapp] accepted connection from 127.0.0.1:9322 2021.01.27 20:57:26 LOG6[2]: s_connect: connecting 127.0.0.1:13000 2021.01.27 20:57:26 LOG7[2]: s_connect: s_poll_wait 127.0.0.1:13000: waiting 10 seconds 2021.01.27 20:57:26 LOG7[2]: FD=940 ifds=rwx ofds=--- 2021.01.27 20:57:26 LOG5[2]: s_connect: connected 127.0.0.1:13000 2021.01.27 20:57:26 LOG5[2]: Service [myapp] connected remote server from 127.0.0.1:9323 2021.01.27 20:57:26 LOG7[2]: Setting remote socket options (FD=940) 2021.01.27 20:57:26 LOG7[2]: Option TCP_NODELAY set on remote socket 2021.01.27 20:57:26 LOG7[2]: Remote descriptor (FD=940) initialized 2021.01.27 20:57:26 LOG6[2]: SNI: sending servername: localhost 2021.01.27 20:57:26 LOG6[2]: Peer certificate not required 2021.01.27 20:57:26 LOG7[2]: TLS state (connect): before SSL initialization 2021.01.27 20:57:26 LOG7[2]: Initializing application specific data for session authenticated 2021.01.27 20:57:26 LOG7[2]: TLS state (connect): SSLv3/TLS write client hello
Sorry, I replied to your address instead my mistake :S
On Wed, 27 Jan 2021 21:11:53 +0000 David Brower davidbrower@hotmail.com wrote:
Hi,
That is perfectly normal. Between the program and Stunnel all is sent in plain text. Then Stunnel sends it to a server already encrypted. Consider it as a road tunnel. You see the cars entering and exiting, but not on transit. S-tunnel. Secure-Tunnel.
Unless you have a malware locally capable to sniff loopback/assigned addresses or you are sending unencrypted to a Stunnel instance in another machine (sent to that machine in plain text until reach the Stunnel instance) in a vulnerable network, that shouldn't worry you.
Regards.
Dear All,
I find the root cause for the email ip address. Thank you for all suggestion.
Thanks, Alfred
From: David Brower davidbrower@hotmail.com Sent: Thursday, January 28, 2021 5:12 AM To: stunnel-users@stunnel.org Subject: [stunnel-users] Seeing Message in Plain Text in Wireshark
[External email] Please be cautious when clicking on any links or attachments. ________________________________ First time user of Stunnel and I just wanted to check what I'm doing wrong.
I have two processes running: a TCP Listener that listens on port 13000 and a TCP client that sends it a message.
I'm running Stunnel on Windows 10 with the following config:
[myapp] client = yes accept = 13001 connect = 13000 cert = stunnel.pem TIMEOUTclose=0
I updated the TCP client to send the message to port 13001 but when I check Wireshark I can still see the contents of the message in plaintext. Shouldn't I no longer be able to see the unencrypted contents of this message?
Here are the relevant logs:
2021.01.27 20:57:26 LOG7[main]: Found 1 ready file descriptor(s) 2021.01.27 20:57:26 LOG7[main]: FD=588 ifds=r-x ofds=r-- 2021.01.27 20:57:26 LOG7[main]: FD=596 ifds=r-x ofds=--- 2021.01.27 20:57:26 LOG7[main]: Service [myapp] accepted (FD=924) from 127.0.0.1:9322 2021.01.27 20:57:26 LOG7[main]: Creating a new thread 2021.01.27 20:57:26 LOG7[main]: New thread created 2021.01.27 20:57:26 LOG7[2]: Service [myapp] started 2021.01.27 20:57:26 LOG7[2]: Setting local socket options (FD=924) 2021.01.27 20:57:26 LOG7[2]: Option TCP_NODELAY set on local socket 2021.01.27 20:57:26 LOG5[2]: Service [myapp] accepted connection from 127.0.0.1:9322 2021.01.27 20:57:26 LOG6[2]: s_connect: connecting 127.0.0.1:13000 2021.01.27 20:57:26 LOG7[2]: s_connect: s_poll_wait 127.0.0.1:13000: waiting 10 seconds 2021.01.27 20:57:26 LOG7[2]: FD=940 ifds=rwx ofds=--- 2021.01.27 20:57:26 LOG5[2]: s_connect: connected 127.0.0.1:13000 2021.01.27 20:57:26 LOG5[2]: Service [myapp] connected remote server from 127.0.0.1:9323 2021.01.27 20:57:26 LOG7[2]: Setting remote socket options (FD=940) 2021.01.27 20:57:26 LOG7[2]: Option TCP_NODELAY set on remote socket 2021.01.27 20:57:26 LOG7[2]: Remote descriptor (FD=940) initialized 2021.01.27 20:57:26 LOG6[2]: SNI: sending servername: localhost 2021.01.27 20:57:26 LOG6[2]: Peer certificate not required 2021.01.27 20:57:26 LOG7[2]: TLS state (connect): before SSL initialization 2021.01.27 20:57:26 LOG7[2]: Initializing application specific data for session authenticated 2021.01.27 20:57:26 LOG7[2]: TLS state (connect): SSLv3/TLS write client hello
-
David Brower -
Javier -
Wong Pui Hong Alfred (NCS)