[stunnel-users] stunnel receiving 15 signal after a few minutes
Jenna Hall
j.hall at nelsonjameson.com
Wed Aug 13 23:08:35 CEST 2014
Hello all,

I installed stunnel and freetds last August. I use a custom stunnel config
file (see below). It runs very well for about 5 minutes, but then receives
signal 15 from somewhere and terminates.

The box OS is CentOS release 6.5 (Final) and CPanel is running on it (I
believe CPanel uses its own stunnel for its ssl). Below I have the info for
the stunnel software that I installed.

Do you have any idea what process could be sending this termination signal
to my stunnel, or if something else is happening? Thanks in advance for
your help -- Jenna

stunnel info:
=============================================
stunnel 4.56 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
Global options:
debug = daemon.notice
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
Config file:
=============================================
cert = /usr/local/etc/stunnel/certs/server.crt
key = /usr/local/etc/stunnel/certs/server.key
CAFile = /usr/local/etc/stunnel/certs/ca.crt
CAPath = /usr/local/etc/stunnel/certs
pid = /usr/local/etc/stunnel/stunnel.pid
options = NO_SSLv2
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
foreground = no
socket = r:TCP_NODELAY=1
[njstunnel]
accept = njstunnel
connect = web.mycompanyname.net:61667
retry = yes
client = yes
TIMEOUTconnect = 1
verify = 2
TIMEOUTbusy =1
TIMEOUTidle = 500
Here is the output from start up to receiving the signal 15:
=============================================
2014.08.13 15:47:01 LOG5[25039:140284139354048]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:47:01 LOG5[25039:140284139354048]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.08.13 15:47:01 LOG5[25039:140284139354048]: 500 clients allowed
2014.08.13 15:50:03 LOG5[25045:140284139354048]: Received signal 15; terminating
2014.08.13 15:51:02 LOG5[25347:140674811922368]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:51:02 LOG5[25347:140674811922368]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.08.13 15:51:02 LOG5[25347:140674811922368]: 500 clients allowed
2014.08.13 15:51:44 LOG5[25355:140674811922368]: Received signal 15; terminating
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Snagged 64 random bytes from /dev/urandom
2014.08.13 15:51:46 LOG7[25419:140090284656576]: RAND_status claims sufficient entropy for the PRNG
2014.08.13 15:51:46 LOG7[25419:140090284656576]: PRNG seeded successfully
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Configuration SSL options: 0x01000000
2014.08.13 15:51:46 LOG7[25419:140090284656576]: SSL options set: 0x01000004
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Certificate: /usr/local/etc/stunnel/certs/server.crt
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Certificate loaded
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Key file: /usr/local/etc/stunnel/certs/server.key
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Private key loaded
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Loaded verify certificates from /usr/local/etc/stunnel/certs/ca.crt
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Loaded /usr/local/etc/stunnel/certs/ca.crt revocation lookup file
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Verify directory set to /usr/local/etc/stunnel/certs
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Added /usr/local/etc/stunnel/certs revocation lookup directory
2014.08.13 15:51:46 LOG7[25419:140090284656576]: SSL context initialized for service njstunnel
2014.08.13 15:51:46 LOG5[25419:140090284656576]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:51:46 LOG5[25419:140090284656576]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.08.13 15:51:46 LOG6[25419:140090284656576]: file ulimit = 4096 (can be changed with 'ulimit -n')
2014.08.13 15:51:46 LOG6[25419:140090284656576]: poll() used - no FD_SETSIZE limit for file descriptors
2014.08.13 15:51:46 LOG5[25419:140090284656576]: 2000 clients allowed
2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 10 in non-blocking mode
2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 11 in non-blocking mode
2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 12 in non-blocking mode
2014.08.13 15:51:46 LOG7[25419:140090284656576]: SO_REUSEADDR option set on accept socket
2014.08.13 15:51:46 LOG7[25419:140090284656576]: njstunnel bound to 0.0.0.0:19770
2014.08.13 15:51:46 LOG7[25425:140090284656576]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2014.08.13 15:55:03 LOG5[25425:140090284656576]: Received signal 15; terminating
2014.08.13 15:55:03 LOG7[25425:140090284656576]: removing pid file /usr/local/etc/stunnel/stunnel.pid
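
Added example (not part of the original post and not stunnel project code): a Python helper that unwraps a mail-wrapped stunnel log like the one above and reports, for each start, the version the running binary announced, the PID before and after daemonizing, and the seconds until the termination signal. The sample lines are constructed from the shape of the posted log, and grouping on the second field inside the brackets is an assumption based on that field staying constant in this log while the PID changes.

```python
import re
from datetime import datetime

# Constructed sample: lines shaped like the posted log, mail wrapping included.
SAMPLE_LOG = """\
2014.08.13 15:47:01 LOG5[25039:140284139354048]: stunnel 4.29 on
x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:50:03 LOG5[25045:140284139354048]: Received signal 15;
terminating
2014.08.13 15:51:46 LOG7[25419:140090284656576]: PRNG seeded successfully
2014.08.13 15:51:46 LOG5[25419:140090284656576]: stunnel 4.29 on
x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:55:03 LOG5[25425:140090284656576]: Received signal 15;
terminating
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\d+):(\d+)\]: (.*)$")
BANNER = re.compile(r"^stunnel (\S+) on (\S+)")
SIGNAL = re.compile(r"^Received signal (\d+); terminating")

def unwrap(text):
    """Re-join continuation lines (those without a timestamp prefix)."""
    out = []
    for raw in text.splitlines():
        if LINE.match(raw) or not out:
            out.append(raw.rstrip())
        else:
            out[-1] += " " + raw.strip()
    return out

def runs(text):
    """Return one record per stunnel start that ended with a signal.
    Assumption: the second bracket field identifies a run across the fork."""
    live, done = {}, []
    for line in unwrap(text):
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        pid, key, msg = m.group(2), m.group(3), m.group(4)
        # The first line seen for a key marks the start of that run.
        run = live.setdefault(key, {"start": ts, "start_pid": pid, "version": None})
        banner, sig = BANNER.match(msg), SIGNAL.match(msg)
        if banner:
            run["version"], run["platform"] = banner.groups()
        elif sig:
            run.update(signal=int(sig.group(1)), end_pid=pid,
                       uptime_s=int((ts - run["start"]).total_seconds()))
            done.append(live.pop(key))
    return done
```

The `version` and `platform` of each record can be compared with the output of `stunnel -version` for the binary that was installed, and `uptime_s` with the schedule of any job on the host that manages stunnel processes.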