[stunnel-users] Problem using stunnel on Windows 7
Brian Wilkins
bwilkins at gmail.com
Sat Nov 17 00:25:14 CET 2012
I didn't see a port setting in the client's stunnel.conf
On Nov 16, 2012 6:18 PM, "Hal Hovland" <hhovland at btconnect.com> wrote:
> I’ve spent days googling this and read everything relevant in the archives.
>
> I’m developing a Windows 7 program that connects to a financial trading
> exchange that expects all communication to be SSL’d. Everything I read said
> that stunnel is the answer because of ease of installation and use. After a
> day of abortive attempts to link to the exchange, I decided to create a
> much simpler test environment involving two Windows 7 computers next to
> each other here.
>
>
> One, let’s call it Riven-II (192.168.1.9), is set up with a simple
> Listener program that listens on port 8000. From stunnel’s viewpoint this
> will be a server. The second machine, Lightning (192.168.1.158), has a
> simple Sender program that sends a text message via port 7999 to Riven-II
> (192.168.1.9:8000) – this will be the Client. In the absence of stunnel,
> all messages sent from Lightning/Sender appear on the window of Listener.
> So far so good.
>
>
> I’ve downloaded and installed the very latest version (4.54) of stunnel on
> both machines. On installation I entered the same responses to the
> certificate generating process.
>
> On the Server machine, hard wired to a Broadband Router, I configured
> stunnel.conf as (removing comments for simplicity):
>
>
> debug = 7
> output = stunnel.log
>
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> cert = stunnel.pem
> key = stunnel.pem
>
> options = NO_SSLv2
>
> taskbar=yes
>
> [Listener]
> connect=8000
> accept=8001
>
>
> On the Client machine, connected to the router via wi-fi, we have in
> stunnel.conf:
>
> debug = 7
> output = stunnel.log
>
> cert = stunnel.pem
>
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> fips=no
>
> options = NO_SSLv2
>
> delay=yes
> taskbar=yes
>
> client=yes
>
> [sender]
> accept = 0.0.0.0:7999 (I’ve tried just 7999 and 192.168.1.158:7999 here.
> Makes no difference)
> connect = 192.168.1.9:8001
>
>
> I’ve tried many variations with the same result, but the above is where
> they have ended up.
>
> My understanding of this is that stunnel at both ends will be intercepting
> port 8000 on the Server and port 7999 on the Client and
> presenting/receiving SSL encoded messages across the wire on port 8001.
>
> Starting stunnel in the Server (not as a Windows service, although I did
> try that as well) the following log appears:
>
>
> 2012.11.16 22:34:08 LOG7[3484:6184]: No limit detected for the number of clients
> 2012.11.16 22:34:08 LOG5[3484:6184]: stunnel 4.54 on x86-pc-msvc-1500 platform
> 2012.11.16 22:34:08 LOG5[3484:6184]: Compiled/running with OpenSSL 1.0.1c-fips 10 May 2012
> 2012.11.16 22:34:08 LOG5[3484:6184]: Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
> 2012.11.16 22:34:08 LOG5[3484:6184]: Reading configuration from file stunnel.conf
> 2012.11.16 22:34:08 LOG5[3484:6184]: FIPS mode is enabled
> 2012.11.16 22:34:08 LOG7[3484:6184]: Compression not enabled
> 2012.11.16 22:34:08 LOG7[3484:6184]: Snagged 64 random bytes from C:/.rnd
> 2012.11.16 22:34:08 LOG7[3484:6184]: Wrote 1024 new random bytes to C:/.rnd
> 2012.11.16 22:34:08 LOG7[3484:6184]: PRNG seeded successfully
> 2012.11.16 22:34:08 LOG6[3484:6184]: Initializing service [Listener]
> 2012.11.16 22:34:08 LOG7[3484:6184]: Certificate: stunnel.pem
> 2012.11.16 22:34:08 LOG7[3484:6184]: Certificate loaded
> 2012.11.16 22:34:08 LOG7[3484:6184]: Key file: stunnel.pem
> 2012.11.16 22:34:08 LOG7[3484:6184]: Private key loaded
> 2012.11.16 22:34:08 LOG7[3484:6184]: Could not load DH parameters from stunnel.pem
> 2012.11.16 22:34:08 LOG7[3484:6184]: Using hardcoded DH parameters
> 2012.11.16 22:34:08 LOG7[3484:6184]: DH initialized with 2048-bit key
> 2012.11.16 22:34:08 LOG7[3484:6184]: ECDH initialized with curve prime256v1
> 2012.11.16 22:34:08 LOG7[3484:6184]: SSL options set: 0x01000004
> 2012.11.16 22:34:08 LOG5[3484:6184]: Configuration successful
> 2012.11.16 22:34:08 LOG7[3484:6184]: Service [Listener] (FD=272) bound to 0.0.0.0:8001
>
>
> On the Client, the log shows:
>
> 2012.11.16 22:25:53 LOG7[4184:4948]: No limit detected for the number of clients
> 2012.11.16 22:25:53 LOG5[4184:4948]: stunnel 4.54 on x86-pc-msvc-1500 platform
> 2012.11.16 22:25:53 LOG5[4184:4948]: Compiled/running with OpenSSL 1.0.1c-fips 10 May 2012
> 2012.11.16 22:25:53 LOG5[4184:4948]: Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
> 2012.11.16 22:25:53 LOG5[4184:4948]: Reading configuration from file stunnel.conf
> 2012.11.16 22:25:53 LOG5[4184:4948]: FIPS mode is disabled
> 2012.11.16 22:25:53 LOG7[4184:4948]: Compression not enabled
> 2012.11.16 22:25:53 LOG7[4184:4948]: Snagged 64 random bytes from C:/.rnd
> 2012.11.16 22:25:53 LOG7[4184:4948]: Wrote 1024 new random bytes to C:/.rnd
> 2012.11.16 22:25:53 LOG7[4184:4948]: PRNG seeded successfully
> 2012.11.16 22:25:53 LOG6[4184:4948]: Initializing service [sender]
> 2012.11.16 22:25:53 LOG7[4184:4948]: Certificate: stunnel.pem
> 2012.11.16 22:25:53 LOG7[4184:4948]: Certificate loaded
> 2012.11.16 22:25:53 LOG7[4184:4948]: Key file: stunnel.pem
> 2012.11.16 22:25:53 LOG7[4184:4948]: Private key loaded
> 2012.11.16 22:25:53 LOG7[4184:4948]: SSL options set: 0x01000004
> 2012.11.16 22:25:53 LOG5[4184:4948]: Configuration successful
> 2012.11.16 22:25:53 LOG7[4184:4948]: Service [sender] (FD=224) bound to 0.0.0.0:7999
>
>
> Running the Listener on the Server and Sender on the Client adds nothing
> to the log, and port sniffers on both machines show traffic between 7999
> and 8000 (exactly the same as when stunnel is not running). No sign of the
> use of port 8001.
>
> I’d appreciate any input on this. I’m sure I must be doing something
> stupid, but I’ve watched hours of YouTube videos, read many hundreds of web
> pages, and been through the documentation quite a few times, to no avail.
>
> I have a Java based version, running in a JVM in the same Windows
> machines, that talks perfectly to the exchange using some inbuilt SSL
> capabilities of an included library, so that should probably eliminate any
> hardware/router issues?
>
> Regards, Hal
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
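An added sanity check, not part of this thread, for the symptom the quoted post describes (sniffers show traffic between 7999 and 8000, nothing on 8001): stunnel only relays connections that arrive at its own accept address, so the sending program has to be pointed at the client-side accept port rather than at 192.168.1.9:8000. The script below (helper names are assumptions; the two configs are constructed from the quoted ones) walks the app -> client stunnel -> server stunnel chain and also flags that the client config sets no verify/CAfile, so the server certificate would go unchecked.

```python
# Constructed to mirror the two stunnel.conf files in the quoted post.
SERVER_CONF = """
[Listener]
connect=8000
accept=8001
"""
CLIENT_CONF = """
client=yes
[sender]
accept = 0.0.0.0:7999
connect = 192.168.1.9:8001
"""

def parse_stunnel_conf(text):
    """Minimal stunnel.conf reader: global options first, then [service] blocks."""
    sections, cur = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
            sections[cur] = {}
            continue
        key, _, val = line.partition("=")
        sections[cur][key.strip().lower()] = val.strip()
    return sections

def split_addr(addr, default_host):
    """'host:port' or bare 'port' -> (host, port)."""
    host, sep, port = addr.rpartition(":")
    return (host if sep else default_host, int(port))

def check_tunnel(server_text, client_text, app_target):
    """Findings for the path app -> client stunnel -> server stunnel -> service."""
    srv, cli = parse_stunnel_conf(server_text), parse_stunnel_conf(client_text)
    srv_svc = next(v for k, v in srv.items() if k != "global")
    cli_svc = next(v for k, v in cli.items() if k != "global")
    cli_accept = split_addr(cli_svc["accept"], "127.0.0.1")
    cli_connect = split_addr(cli_svc["connect"], "127.0.0.1")
    srv_accept = split_addr(srv_svc["accept"], "0.0.0.0")
    findings = []
    if cli_connect[1] != srv_accept[1]:
        findings.append("client connect port %d != server accept port %d" % (cli_connect[1], srv_accept[1]))
    # stunnel only sees connections made to its own accept address; an app that opens a socket to the remote host directly never enters the tunnel.
    if app_target[0] == cli_connect[0] or app_target[1] != cli_accept[1]:
        findings.append("app targets %s:%d and bypasses stunnel; point it at 127.0.0.1:%d" % (app_target + (cli_accept[1],)))
    if "verify" not in cli["global"] and "verify" not in cli_svc:
        findings.append("client sets no verify/CAfile: server certificate is not checked")
    return findings
```

Run with the Sender's actual target, `check_tunnel(SERVER_CONF, CLIENT_CONF, ("192.168.1.9", 8000))`, to see the bypass finding; with `("127.0.0.1", 7999)` only the missing-verify finding remains.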