My company uses stunnel on a telecom product and we have run into a strange problem. One of our customers sees an issue every couple weeks where the stunnel process becomes busted. Attempts to establish a connection through stunnel to any host hang indefinitely. Interface stats indicate that stunnel sends and receives a flurry of packets--as if a TLS connection was successfully established--but the local plaintext socket connection to stunnel never passes data. For example, if attempting to run telnet over stunnel, the telnet client just sits there and doesn't write anything to the terminal. During this time the network is otherwise functioning fine.
Unfortunately nothing is logged by stunnel when this happens and we haven't been able to reproduce the problem in a controlled environment. Does anyone have any ideas what might be happening?
We currently use stunnel 4.35 with debug = warning, sslVersion = TLSv1, and verify = 2.
On Tue, 9 Aug 2011 10:39:44 -0700, Tristan Schmelcher tristan_schmelcher@alumni.uwaterloo.ca wrote:
...
problem. One of our customers sees an issue every couple weeks where the stunnel process becomes busted. Attempts to establish a connection through stunnel to any host hang indefinitely. Interface stats indicate that stunnel sends and receives a flurry of packets--as if a TLS connection was successfully established--but the local plaintext socket connection to stunnel never passes data. For example, if attempting to run telnet over stunnel, the telnet client just sits there and doesn't write anything to the terminal. During this time the network is otherwise functioning fine.
Things that come to my mind:
- I had a mobo w/ a funny onboard ethernet I/F: after "some" networking, it needed a linux driver reload (or w$ reboot) - never knew why,
- a MiM missed attack could also give this result (cli should watch arp),
- Even though I'm downtown the renewal of my adsl box lease takes almost 4 minutes to "stabilize".
JY
On Tue, Aug 9, 2011 at 11:34 AM, Jean-Yves F. Barbier 12ukwn@gmail.com wrote:
On Tue, 9 Aug 2011 10:39:44 -0700, Tristan Schmelcher tristan_schmelcher@alumni.uwaterloo.ca wrote:
Things that come to my mind:
- I had a mobo w/ a funny onboard ethernet I/F: after "some" networking, it
needed a linux driver reload (or w$ reboot) - never knew why,
- a MiM missed attack could also give this result (cli should watch arp),
- Even though I'm downtown the renewal of my adsl box lease takes almost 4
minutes to "stabilize".
Thanks for the ideas! Unfortunately in my case the network is working fine, including on the affected devices. Even though stunnel connections to hosts hang, pings to those same hosts work fine.
If the device was being targeted by a MITM attack I would be thrilled. Unfortunately this customer is not a very high profile company, so I think it is probably something less exciting. :/
JY
I can't die until the government finds a safe place to bury my liver. -- Phil Harris