[stunnel-users] Stunnel 4.41 dies after a while
René Plattner
rene.plattner at uibk.ac.at
Mon Aug 8 17:46:47 CEST 2011
Hi,
I have compiled version 4.41 with xforwarded-for patch successfully for
our webmail system (Stunnel <-> Haproxy <-> Horde Webmail).
After a while the stunnel daemon dies and following message appears in log:
Aug 8 12:05:06 vlb2 [local3.err] stunnel: LOG3[3231:3085343632]:
SSL_accept: 140760FC: error:140760FC:SSL routines:
SSL23_GET_CLIENT_HELLO:unknown protocol
Any ideas/suggestions?
OS: Centos 5.5
openssl: 0.9.8e-12.el5_5.7
Configuration:
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
; Disable SSLv2
options = NO_SSLv2
; List of allowed Ciphers
ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
; Disable FIPS
fips = no
; Some security enhancements for UNIX systems - comment them out on Win32
setuid = nobody
setgid = nobody
chroot = /usr/local/var/lib/stunnel/
; PID is created inside chroot jail
pid = /stunnel-webmail.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Option for Dummy MSIE
TIMEOUTclose=0
; Option for errorness SSL implementation
options = DONT_INSERT_EMPTY_FRAGMENTS
; Some debugging stuff useful for troubleshooting
debug = local3.4
; Run as Daemon
foreground = no
; Service-level configuration
[https]
cert = z1.pem
accept = ip1:443
connect = p1
xforwardedfor = yes
[https]
cert = z2.pem
accept = ip2:443
connect = p2
xforwardedfor = yes
[wmt]
cert = z3.pem
accept = ip3:443
connect = p3
xforwardedfor = yes
regards
René Plattner
More information about the stunnel-users
mailing list