[stunnel-users] Newbie: Keep getting connection closed
david-e.hansen at ubs.com
Tue Aug 17 17:54:58 CEST 2004
Charles,
Check to see if you are being bitten by the "Eudora" problem -- add the following line to the top of your stunnel.conf file, and see if it magically starts working:
options = DONT_INSERT_EMPTY_FRAGMENTS
You can also see a related set of mails from myself, describing the problem we had.
Regards,
David Hansen
-----Original Message-----
From: stunnel-users-admin at mirt.net [mailto:stunnel-users-admin at mirt.net] On Behalf Of Charles A. Monteiro
Sent: Tuesday, 17 August 2004 18:31
To: stunnel-users at mirt.net
Subject: [stunnel-users] Newbie: Keep getting connection closed
We are using a proprietary protocol over tcp/ip which works fine and has
for a number of years. I have tested it without stunnel and it checks fine
as well. I keep getting the connection closed when I run through stunnel.
I don't understand if something bad has actually happened i.e. from the
error warnings. Is an "alert" a bad thing i.e. does it indicate that
something is broken? Does stunnel normally close the connection after
every message exchange? I have included the logs for both the stunnel
client and server as well as the respective conf files.
thanks in advance,
-Charles
---------------------------------------
client log:
2004.08.17 11:13:27 LOG7[1824:1544]: 55555 accepted FD=536 from
127.0.0.1:1085
2004.08.17 11:13:27 LOG7[1824:1544]: FD 536 in non-blocking mode
2004.08.17 11:13:27 LOG7[1824:1544]: Creating a new thread
2004.08.17 11:13:27 LOG7[1824:1544]: New thread created
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 started
2004.08.17 11:13:27 LOG5[1824:1040]: 55555 connected from 127.0.0.1:1085
2004.08.17 11:13:27 LOG7[1824:1040]: FD 564 in non-blocking mode
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 connecting 192.168.20.76:55555
2004.08.17 11:13:27 LOG7[1824:1040]: remote connect #1: EWOULDBLOCK:
retrying
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=write
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok
2004.08.17 11:13:27 LOG7[1824:1040]: Remote FD=564 initialized
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): before/connect
initialization
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write
client hello A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read
server hello A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read
server certificate A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read
server done A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write
client key exchange A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write
change cipher spec A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write
finished A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 flush data
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=read
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read
finished A
2004.08.17 11:13:27 LOG7[1824:1040]: 6 items in the session cache
2004.08.17 11:13:27 LOG7[1824:1040]: 7 client connects (SSL_connect())
2004.08.17 11:13:27 LOG7[1824:1040]: 7 client connects that finished
2004.08.17 11:13:27 LOG7[1824:1040]: 0 client renegotiatations requested
2004.08.17 11:13:27 LOG7[1824:1040]: 0 server connects (SSL_accept())
2004.08.17 11:13:27 LOG7[1824:1040]: 0 server connects that finished
2004.08.17 11:13:27 LOG7[1824:1040]: 0 server renegotiatiations
requested
2004.08.17 11:13:27 LOG7[1824:1040]: 1 session cache hits
2004.08.17 11:13:27 LOG7[1824:1040]: 0 session cache misses
2004.08.17 11:13:27 LOG7[1824:1040]: 0 session cache timeouts
2004.08.17 11:13:27 LOG6[1824:1040]: Negotiated ciphers:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.08.17 11:13:27 LOG7[1824:1040]: Socket closed on read
2004.08.17 11:13:27 LOG7[1824:1040]: SSL write shutdown (output buffer
empty)
2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (write): warning: close
notify
2004.08.17 11:13:27 LOG7[1824:1040]: SSL_shutdown retrying
2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (read): warning: close
notify
2004.08.17 11:13:27 LOG7[1824:1040]: SSL closed on SSL_read
2004.08.17 11:13:27 LOG7[1824:1040]: Socket write shutdown (output buffer
empty)
2004.08.17 11:13:27 LOG5[1824:1040]: Connection closed: 110 bytes sent to
SSL, 13 bytes sent to socket
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 finished (0 left)
-------------------------------------------------------------
server log:
2004.08.17 11:03:12 LOG7[28177:3073021920]: 55555 accepted FD=7 from
192.168.20.77:1086
2004.08.17 11:03:12 LOG7[28177:3073021920]: FD 7 in non-blocking mode
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 started
2004.08.17 11:03:12 LOG5[28177:3062528944]: 55555 connected from
192.168.20.77:1086
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept):
before/accept initialization
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read
client hello A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
write server hello A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
write certificate A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
write server done A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
flush data
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read
client key exchange A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read
finished A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
write change cipher spec A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
write finished A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3
flush data
2004.08.17 11:03:12 LOG7[28177:3062528944]: 2 items in the session cache
2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 client connects
(SSL_connect())
2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 client connects that
finished
2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 client renegotiatations
requested
2004.08.17 11:03:12 LOG7[28177:3062528944]: 18 server connects
(SSL_accept())
2004.08.17 11:03:12 LOG7[28177:3062528944]: 10 server connects that
finished
2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 server renegotiatiations
requested
2004.08.17 11:03:12 LOG7[28177:3062528944]: 2 session cache hits
2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 session cache misses
2004.08.17 11:03:12 LOG7[28177:3062528944]: 6 session cache timeouts
2004.08.17 11:03:12 LOG6[28177:3062528944]: Negotiated ciphers:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.08.17 11:03:12 LOG7[28177:3062528944]: FD 8 in non-blocking mode
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 connecting
192.168.20.76:4242
2004.08.17 11:03:12 LOG7[28177:3062528944]: remote connect #1:
EINPROGRESS: retrying
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=8, DIR=write
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: Remote FD=8 initialized
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket closed on read
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (write): warning:
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL write shutdown (output
buffer empty)
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (read): warning:
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL closed on SSL_read
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket write shutdown (output
buffer empty)
2004.08.17 11:03:12 LOG5[28177:3062528944]: Connection closed: 13 bytes
sent to SSL, 110 bytes sent to socket
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 finished (0 left)
-------------------------------------------------------------------------------------------------------------------
My client stunnel.conf:
cert=stunnel.pem
client=yes
debug=7
[55555]
accept=localhost:55555
connect=192.168.20.76:55555
- eof -
My server stunnel.conf:
cert=stunnel.pem
debug=7
output=stunnel.err
[55555]
accept=192.168.20.76:55555
connect=192.168.20.76:4242
- eof -
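Added example (not part of the original thread and not stunnel's own code): a small Python parser for debug=7 logs in the format quoted above. It rejoins mail-wrapped entries and reports whether both Finished messages were logged, which event started the shutdown, and whether any fatal alert appears. The sample lines are constructed, and the function names and the reading of "Socket closed on read" as EOF on the plaintext socket are assumptions of this example.

```python
import re
# Constructed sample in the page's stunnel log format, wrapped the way the mail wrapped it.
SAMPLE = """\
2004.08.17 11:13:27 LOG7[1:2]: SSL state (connect): SSLv3 write
finished A
2004.08.17 11:13:27 LOG7[1:2]: SSL state (connect): SSLv3 read
finished A
2004.08.17 11:13:27 LOG7[1:2]: Socket closed on read
2004.08.17 11:13:27 LOG7[1:2]: SSL alert (write): warning: close
notify
2004.08.17 11:13:27 LOG7[1:2]: SSL alert (read): warning: close
notify
2004.08.17 11:13:27 LOG5[1:2]: Connection closed: 110 bytes sent to
SSL, 13 bytes sent to socket
"""
ENTRY = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[[^\]]+\]: (.*)$")
FINISHED = re.compile(r"SSLv3 (read|write) finished A")
ALERT = re.compile(r"SSL alert \((read|write)\): (warning|fatal): (.+)")
BYTES = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def unwrap(text):
    """Rejoin entries that the mail client wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(m.group(1))          # new timestamped entry
        elif entries and line.strip():
            entries[-1] += " " + line.strip()   # continuation of the previous entry
    return entries

def diagnose(text):
    """Summarise how one logged connection ended."""
    seen, res = set(), {"first_close": None, "fatal_alerts": [], "bytes": None}
    for msg in unwrap(text):
        fin, alert, count = FINISHED.search(msg), ALERT.search(msg), BYTES.search(msg)
        if fin:
            seen.add(fin.group(1))
        elif msg.startswith("Socket closed on read"):   # assumed: EOF on the plaintext side
            res["first_close"] = res["first_close"] or "plaintext socket EOF"
        elif alert and alert.group(2) == "fatal":
            res["fatal_alerts"].append(alert.group(3))
        elif alert and alert.group(3) == "close notify":
            who = "peer" if alert.group(1) == "read" else "local stunnel"
            res["first_close"] = res["first_close"] or "close_notify from " + who
        elif count:
            res["bytes"] = (int(count.group(1)), int(count.group(2)))
    res["handshake_done"] = seen == {"read", "write"}   # both Finished messages logged
    return res
```

A warning-level close notify is the SSL/TLS alert for an orderly shutdown, so the parser records it only as a close event and lists fatal alerts separately. Run over the client log above, `diagnose` reports a finished handshake, a shutdown that starts with the plaintext socket closing, no fatal alerts, and the 110/13 byte counts.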