[stunnel-users] Newbie: Keep getting connection closed

david-e.hansen at ubs.com david-e.hansen at ubs.com
Tue Aug 17 17:54:58 CEST 2004 

Charles,

Check to see if you are being bitten by the "Eudora" problem -- add the following line to the top of your stunnel.conf file, and see if it magically starts working:

options = DONT_INSERT_EMPTY_FRAGMENTS

You can also see a related set of mails from myself, describing the problem we had.

Regards,

David Hansen


-----Original Message-----
From: stunnel-users-admin at mirt.net
[mailto:stunnel-users-admin at mirt.net]On Behalf Of Charles A. Monteiro
Sent: Dienstag, 17. August 2004 18:31
To: stunnel-users at mirt.net
Subject: [stunnel-users] Newbie: Keep getting connection closed


We are using a proprietary protocol over tcp/ip which works fine and has  
for a number of years. I have tested it without stunnel and it checks fine  
as well. I keep getting the connection closed when I run through stunnel.  
I don't understand if something bad has actually happened i.e. from the  
error warnings. Is an "alert" a bad thing i.e. does it indicate that  
something is broken? Does stunnel normally close the connection after  
every message exchange? I have included the logs for both the stunnel  
client and server as well as the respective conf files.

thanks in advance,

-Charles

---------------------------------------

client log:

2004.08.17 11:13:27 LOG7[1824:1544]: 55555 accepted FD=536 from  
127.0.0.1:1085
2004.08.17 11:13:27 LOG7[1824:1544]: FD 536 in non-blocking mode
2004.08.17 11:13:27 LOG7[1824:1544]: Creating a new thread
2004.08.17 11:13:27 LOG7[1824:1544]: New thread created
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 started
2004.08.17 11:13:27 LOG5[1824:1040]: 55555 connected from 127.0.0.1:1085
2004.08.17 11:13:27 LOG7[1824:1040]: FD 564 in non-blocking mode
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 connecting 192.168.20.76:55555
2004.08.17 11:13:27 LOG7[1824:1040]: remote connect #1: EWOULDBLOCK:  
retrying
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=write
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok
2004.08.17 11:13:27 LOG7[1824:1040]: Remote FD=564 initialized
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): before/connect  
initialization
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
client hello A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
server hello A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
server certificate A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
server done A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
client key exchange A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
change cipher spec A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
finished A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 flush data
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=read
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
finished A
2004.08.17 11:13:27 LOG7[1824:1040]:    6 items in the session cache
2004.08.17 11:13:27 LOG7[1824:1040]:    7 client connects (SSL_connect())
2004.08.17 11:13:27 LOG7[1824:1040]:    7 client connects that finished
2004.08.17 11:13:27 LOG7[1824:1040]:    0 client renegotiatations requested
2004.08.17 11:13:27 LOG7[1824:1040]:    0 server connects (SSL_accept())
2004.08.17 11:13:27 LOG7[1824:1040]:    0 server connects that finished
2004.08.17 11:13:27 LOG7[1824:1040]:    0 server renegotiatiations  
requested
2004.08.17 11:13:27 LOG7[1824:1040]:    1 session cache hits
2004.08.17 11:13:27 LOG7[1824:1040]:    0 session cache misses
2004.08.17 11:13:27 LOG7[1824:1040]:    0 session cache timeouts
2004.08.17 11:13:27 LOG6[1824:1040]: Negotiated ciphers:  
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2004.08.17 11:13:27 LOG7[1824:1040]: Socket closed on read
2004.08.17 11:13:27 LOG7[1824:1040]: SSL write shutdown (output buffer  
empty)
2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (write): warning: close  
notify
2004.08.17 11:13:27 LOG7[1824:1040]: SSL_shutdown retrying
2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (read): warning: close  
notify
2004.08.17 11:13:27 LOG7[1824:1040]: SSL closed on SSL_read
2004.08.17 11:13:27 LOG7[1824:1040]: Socket write shutdown (output buffer  
empty)
2004.08.17 11:13:27 LOG5[1824:1040]: Connection closed: 110 bytes sent to  
SSL, 13 bytes sent to socket
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 finished (0 left)

-------------------------------------------------------------
server log:

2004.08.17 11:03:12 LOG7[28177:3073021920]: 55555 accepted FD=7 from  
192.168.20.77:1086
2004.08.17 11:03:12 LOG7[28177:3073021920]: FD 7 in non-blocking mode
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 started
2004.08.17 11:03:12 LOG5[28177:3062528944]: 55555 connected from  
192.168.20.77:1086
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept):  
before/accept initialization
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read  
client hello A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write server hello A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write certificate A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write server done A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
flush data
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read  
client key exchange A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read  
finished A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write change cipher spec A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write finished A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
flush data
2004.08.17 11:03:12 LOG7[28177:3062528944]:    2 items in the session cache
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 client connects  
(SSL_connect())
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 client connects that  
finished
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 client renegotiatations  
requested
2004.08.17 11:03:12 LOG7[28177:3062528944]:   18 server connects  
(SSL_accept())
2004.08.17 11:03:12 LOG7[28177:3062528944]:   10 server connects that  
finished
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 server renegotiatiations  
requested
2004.08.17 11:03:12 LOG7[28177:3062528944]:    2 session cache hits
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 session cache misses
2004.08.17 11:03:12 LOG7[28177:3062528944]:    6 session cache timeouts
2004.08.17 11:03:12 LOG6[28177:3062528944]: Negotiated ciphers:  
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2004.08.17 11:03:12 LOG7[28177:3062528944]: FD 8 in non-blocking mode
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 connecting  
192.168.20.76:4242
2004.08.17 11:03:12 LOG7[28177:3062528944]: remote connect #1:  
EINPROGRESS: retrying
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=8, DIR=write
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: Remote FD=8 initialized
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket closed on read
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (write): warning:  
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL write shutdown (output  
buffer empty)
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (read): warning:  
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL closed on SSL_read
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket write shutdown (output  
buffer empty)
2004.08.17 11:03:12 LOG5[28177:3062528944]: Connection closed: 13 bytes  
sent to SSL, 110 bytes sent to socket
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 finished (0 left)

-------------------------------------------------------------------------------------------------------------------

My client stunnel.conf:

cert=stunnel.pem
client=yes
debug=7
[55555]
accept=localhost:55555
connect=192.168.20.76:55555
- eof -

My server stunnel.conf:

cert=stunnel.pem
debug=7
output=stunnel.err
[55555]
accept=192.168.20.76:55555
connect=192.168.20.76:4242
- eof -







-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users

Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

More information about the stunnel-users mailing list