[stunnel-users] Stunnel 4.41 dies after a while

René Plattner rene.plattner at uibk.ac.at
Mon Aug 8 17:46:47 CEST 2011


Hi,

I have successfully compiled version 4.41 with the xforwarded-for patch for
our webmail system (Stunnel <-> Haproxy <-> Horde Webmail).
After a while the stunnel daemon dies and the following message appears in the log:

Aug  8 12:05:06 vlb2 [local3.err] stunnel: LOG3[3231:3085343632]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Any ideas/suggestions?

OS: Centos 5.5
openssl: 0.9.8e-12.el5_5.7

Configuration:

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Disable SSLv2
options = NO_SSLv2

; List of allowed Ciphers
ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

; Disable FIPS
fips = no

; Some security enhancements for UNIX systems - comment them out on Win32
setuid = nobody
setgid = nobody
chroot = /usr/local/var/lib/stunnel/
; PID is created inside chroot jail
pid = /stunnel-webmail.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Option for Dummy MSIE
TIMEOUTclose=0
; Option for erroneous SSL implementations
options = DONT_INSERT_EMPTY_FRAGMENTS

; Some debugging stuff useful for troubleshooting
debug = local3.4

; Run as Daemon
foreground = no

; Service-level configuration

[https]
cert = z1.pem
accept = ip1:443
connect = p1
xforwardedfor = yes

[https]
cert = z2.pem
accept = ip2:443
connect = p2
xforwardedfor = yes

[wmt]
cert = z3.pem
accept = ip3:443
connect = p3
xforwardedfor = yes

regards

René Plattner


