[stunnel-users] IRC-Reconnect failed with "[10053] Software caused connection abort"(mIRC) and "SSL_connect: Peer suddenly disconnected"(tstunnel.exe)

ralf29587 at gmx.de ralf29587 at gmx.de
Tue Sep 3 13:14:25 CEST 2013


Hi,

I have a problem using stunnel with mIRC:

I was using a pretty old version of stunnel.exe that was packed with a 
mIRC script and could be run as a command-line-only application without 
a configuration file (supplying all necessary information as parameters).
I know that current mIRC versions have their own ssl support, but I 
prefer an old version without because it has much better performance.
The old one was used by "stunnel.exe -c -d localhost:<localport> -r 
<irc-server-ip>:<irc-server-port>" in command line and "/server 
localhost:<localport>" in irc.

A few of my servers stopped supporting an old ssl version, this old 
stunnel.exe is no longer compatible with the new (open)ssl dll files and 
so I had to upgrade to the most recent version of stunnel - and I have 
some problems making it run properly.

Here you can see my configuration file (stunnel.conf):

    ; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2012
    ; Some options used here may be inadequate for your particular configuration
    ; This sample file does *not* represent stunnel.conf defaults
    ; Please consult the manual for detailed description of available options

    ; **************************************************************************
    ; * Global options                                                         *
    ; **************************************************************************

    ; Debugging stuff (may useful for troubleshooting)
    ;debug = 7
    ;output = stunnel.log

    ; Disable FIPS mode to allow non-approved protocols and algorithms
    ;fips = no

    ; **************************************************************************
    ; * Service defaults may also be specified in individual service sections  *
    ; **************************************************************************

    ; Certificate/key is needed in server mode and optional in client mode
    ;cert = stunnel.pem
    ;key = stunnel.pem

    ; Authentication stuff needs to be configured to prevent MITM attacks
    ; It is not enabled by default!
    ;verify = 2
    ; Don't forget to c_rehash CApath
    ;CApath = certs
    ; It's often easier to use CAfile
    ;CAfile = certs.pem
    ; Don't forget to c_rehash CRLpath
    ;CRLpath = crls
    ; Alternatively CRLfile can be used
    ;CRLfile = crls.pem

    ; Disable support for insecure SSLv2 protocol
    options = NO_SSLv2
    ; Workaround for Eudora bug
    ;options = DONT_INSERT_EMPTY_FRAGMENTS

    ; These options provide additional security at some performance degradation
    ;options = SINGLE_ECDH_USE
    ;options = SINGLE_DH_USE

    ; **************************************************************************
    ; * Service definitions (at least one service has to be defined)           *
    ; **************************************************************************

    ; Example SSL server mode services

    ;[pop3s]
    ;accept  = 995
    ;connect = 110

    ;[imaps]
    ;accept  = 993
    ;connect = 143

    ;[ssmtp]
    ;accept  = 465
    ;connect = 25

    ; Example SSL client mode services

    ;[gmail-pop3]
    ;client = yes
    ;accept = 127.0.0.1:110
    ;connect = pop.gmail.com:995

    ;[gmail-imap]
    ;client = yes
    ;accept = 127.0.0.1:143
    ;connect = imap.gmail.com:993

    ;[gmail-smtp]
    ;client = yes
    ;accept = 127.0.0.1:25
    ;connect = smtp.gmail.com:465

    ; Example SSL front-end to a web server

    ;[https]
    ;accept  = 443
    ;connect = 80
    ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
    ; Microsoft implementations do not use SSL close-notify alert and thus
    ; they are vulnerable to truncation attacks
    ;TIMEOUTclose = 0

    ; vim:ft=dosini

    [abjects]
    client = yes
    accept = 127.0.0.1:7001
    connect = irc.abjects.net:9999

    [Elite-IRC]
    client = yes
    accept = 127.0.0.1:7002
    connect = SpeedSpace-IRC.eu:6697

    [BodenTruppe]
    client = yes
    accept = 127.0.0.1:7003
    connect = boden-truppe.zapto.org:7001

    [LinkNet]
    client = yes
    accept = 127.0.0.1:7004
    connect = irc.link-net.nl:7000


The first connect always works properly (as shown in the log below):

    2013.09.03 12:30:45 LOG5[10696:9140]: stunnel 4.56 on x86-pc-msvc-1500 platform
    2013.09.03 12:30:45 LOG5[10696:9140]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
    2013.09.03 12:30:45 LOG5[10696:9140]: Threading:WIN32 Sockets:SELECT,IPv6 SSL:ENGINE,OCSP,FIPS
    2013.09.03 12:30:45 LOG5[10696:9140]: Reading configuration from file stunnel.conf
    2013.09.03 12:30:45 LOG5[10696:9140]: FIPS mode is enabled
    2013.09.03 12:30:45 LOG5[10696:9140]: Configuration successful
    2013.09.03 12:30:53 LOG5[10696:10756]: Service [abjects] accepted connection from 127.0.0.1:3397
    2013.09.03 12:30:53 LOG5[10696:10756]: connect_blocking: connected 188.126.73.62:9999
    2013.09.03 12:30:53 LOG5[10696:10756]: Service [abjects] connected remote server from 192.168.1.10:3398
    2013.09.03 12:30:54 LOG5[10696:14396]: Service [LinkNet] accepted connection from 127.0.0.1:3399
    2013.09.03 12:30:54 LOG5[10696:14396]: connect_blocking: connected 194.126.217.98:7000
    2013.09.03 12:30:54 LOG5[10696:14396]: Service [LinkNet] connected remote server from 192.168.1.10:3400
    2013.09.03 12:30:54 LOG5[10696:2916]: Service [BodenTruppe] accepted connection from 127.0.0.1:3401
    2013.09.03 12:30:54 LOG5[10696:2916]: connect_blocking: connected 178.254.22.94:7001
    2013.09.03 12:30:54 LOG5[10696:2916]: Service [BodenTruppe] connected remote server from 192.168.1.10:3402
    2013.09.03 12:30:54 LOG5[10696:12260]: Service [Elite-IRC] accepted connection from 127.0.0.1:3403
    2013.09.03 12:30:54 LOG5[10696:12260]: connect_blocking: connected 62.75.235.122:6697
    2013.09.03 12:30:54 LOG5[10696:12260]: Service [Elite-IRC] connected remote server from 192.168.1.10:3404


But when I try to reconnect, it doesn't work for 2 of my 4 servers.
This is an example of what happens to Elite-IRC:

    2013.09.03 12:32:22 LOG5[10696:12260]: Connection closed: 1972 byte(s) sent to SSL, 26903 byte(s) sent to socket
    2013.09.03 12:32:23 LOG5[10696:17168]: Service [Elite-IRC] accepted connection from 127.0.0.1:3429
    2013.09.03 12:32:23 LOG5[10696:17168]: connect_blocking: connected 62.75.235.122:6697
    2013.09.03 12:32:23 LOG5[10696:17168]: Service [Elite-IRC] connected remote server from 192.168.1.10:3430
    2013.09.03 12:32:23 LOG3[10696:17168]: SSL_connect: Peer suddenly disconnected
    2013.09.03 12:32:23 LOG5[10696:17168]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

The first line shows the manual disconnect caused by executing "/server 
localhost:7002" in mIRC.
The second line shows the new incoming connection from my mIRC.
The third line? ... I got no clue why it has to block anything.
The fourth line: Successfully connected to IRC-Server?
And then the fifth line occurs. I'm not sure if I interpret it right, 
but for some reason tstunnel.exe is kicking out my connected mIRC client 
which makes mIRC tell me "[10053] Software caused connection abort".

The whole lines in mIRC are:

    [12:34pm] * Connect retry #1 localhost (7003)
    ------------------------------------------------------------
    [12:34pm] * [10053] Software caused connection abort
    ------------------------------------------------------------
    [12:34pm] * Disconnected

By the way, I have packed libeay32.dll, ssleay32.dll, stunnel.conf and 
tstunnel.exe in a subdir in mIRC directory
and I'm starting it using "tstunnel.exe stunnel.conf"

When this error occurs, I have to kill tstunnel.exe and start it again - 
then everything works fine again.
For 1 of 4 servers, I also had this error with the old command-line 
stunnel.exe and I just wrote a script killing (only this) stunnel.exe 
and restarting it when this mIRC error occurs. Unfortunately this is no 
longer possible when tstunnel.exe is using a configuration file and one 
process is managing all connections.


Is there any way I can fix this?
(Maybe by fixing the logout of my local mIRC from my local tstunnel.exe?)

Best regards
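
The line-by-line reading of the log in the post can be automated by grouping entries on the `[pid:tid]` field, so that each accepted connection becomes one record and failed handshakes stand out per service. The following is an added example, not part of the original post or of stunnel; the function names are hypothetical and it assumes the stunnel 4.56 log format quoted above.

```python
import re

# Unwrapped log lines from the post (thread 10756 is still open at the end).
SAMPLE_LOG = """\
2013.09.03 12:30:53 LOG5[10696:10756]: Service [abjects] accepted connection from 127.0.0.1:3397
2013.09.03 12:30:54 LOG5[10696:12260]: Service [Elite-IRC] accepted connection from 127.0.0.1:3403
2013.09.03 12:30:54 LOG5[10696:12260]: connect_blocking: connected 62.75.235.122:6697
2013.09.03 12:32:22 LOG5[10696:12260]: Connection closed: 1972 byte(s) sent to SSL, 26903 byte(s) sent to socket
2013.09.03 12:32:23 LOG5[10696:17168]: Service [Elite-IRC] accepted connection from 127.0.0.1:3429
2013.09.03 12:32:23 LOG5[10696:17168]: connect_blocking: connected 62.75.235.122:6697
2013.09.03 12:32:23 LOG5[10696:17168]: Service [Elite-IRC] connected remote server from 192.168.1.10:3430
2013.09.03 12:32:23 LOG3[10696:17168]: SSL_connect: Peer suddenly disconnected
2013.09.03 12:32:23 LOG5[10696:17168]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+:\d+)\]: (.*)$")
ACCEPT = re.compile(r"^Service \[(.+?)\] accepted connection from (\S+)")
REMOTE = re.compile(r"^connect_blocking: connected (\S+)")
END = re.compile(r"^Connection (closed|reset): (\d+) byte\(s\) sent to SSL, ?(\d+) byte")

def parse_sessions(text):
    """Group lines by [pid:tid]; return (finished, still_open) session records."""
    open_by_thread, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, level, thread, msg = m.groups()
        if a := ACCEPT.match(msg):  # a new connection starts a new record
            open_by_thread[thread] = {"start": stamp, "service": a.group(1),
                                      "remote": None, "errors": []}
            continue
        sess = open_by_thread.get(thread)
        if sess is None:
            continue  # startup banner or a line outside any connection
        if r := REMOTE.match(msg):
            sess["remote"] = r.group(1)
        elif int(level) <= 3:  # syslog-style levels: 3 = error, lower = worse
            sess["errors"].append(msg)
        elif e := END.match(msg):
            sess.update(end=e.group(1), bytes=(int(e.group(2)), int(e.group(3))))
            done.append(open_by_thread.pop(thread))
    return done, list(open_by_thread.values())

def failed_handshakes(text):
    """Finished sessions that logged an error and moved no payload either way."""
    done, _ = parse_sessions(text)
    return [(s["start"], s["service"], s["remote"], s["errors"][0])
            for s in done if s["errors"] and s["bytes"] == (0, 0)]
```

Running `failed_handshakes` over a log written with the `output = stunnel.log` option from the sample configuration shows which service and remote address each failed handshake belongs to.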