[stunnel-users] Hangs when connecting -- advice pls
Dave Gradwell
davegradwell at yahoo.co.uk
Fri Sep 16 18:44:11 CEST 2016
> On 16 Sep 2016, at 06:41, Małgorzata Olszówka <gosia at olszowka.net> wrote:
>
>>
>> My stunnel-sender.conf:
>> """""""""""""""""""
>> debug = 7
>> output = /Users/dave/Desktop/stunnel-test/sender-stunnel-output.log
>> foreground = yes
>> client = yes
>> connect = localhost:874
>> cert = /Users/dave/Desktop/stunnel-test/cert.pem
>> verify = 0
>> """""""""""""""""""
>>
>> My stunnel-receiver.conf:
>> """""""""""""""""""
>> debug = 7
>> output = /Users/dave/Desktop/stunnel-test/receiver-stunnels-output.log
>> pid = /Users/dave/Desktop/stunnel-test/stunnel-rsyncd-stunnels.pid
>> cert = /Users/dave/Desktop/stunnel-test/cert.pem
>> verify = 0
>> delay = yes
>> exec = /Users/dave/Desktop/stunnel-test/rsync
>> execArgs = -vvvv --daemon --server --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .
>> foreground = yes
>> client = no
>> """""""""""""""""""
>
> Hi,
> I think you should pay attention to the execArgs option, turn off the foreground mode and connect the client to the server (not localhost).
>
> Regards.
Hello,
> pay attention to the execArgs option
What about the execArgs do you think is wrong? If it’s the trailing dot then it’s something to do with rsync (detailed here <https://lists.samba.org/archive/rsync-cvs/2013-July/007296.html>).
As far as I can tell, Stunnel doesn’t even get as far as invoking the executable because it never manages to finish connecting.
> and connect the client to the server (not localhost).
The server *is* on localhost. So is the client. The logs show the server is on port 874 and the client connected from port 51362 on this occasion.
Further information: I’ve also tried Stunnel 4.57 and this fails in exactly the same way.
It also bothers me that the last log line mentions SSLv3 (server) and SSLv2/v3 (client)… but the manual says "Obsolete SSLv2 and SSLv3 are currently disabled by default”. So why would they appear in the log? I’ve even explicitly disabled them with addition of "options = NO_SSLv2" and "options = NO_SSLv3” lines in the confs, but this makes no difference.
— Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160916/dbc7e174/attachment.html>
More information about the stunnel-users
mailing list