[stunnel-users] Hangs when connecting -- advice pls

Dave Gradwell davegradwell at yahoo.co.uk
Fri Sep 16 18:44:11 CEST 2016 

> On 16 Sep 2016, at 06:41, Małgorzata Olszówka <gosia at olszowka.net> wrote:
> 
>> 
>> My stunnel-sender.conf:
>> """""""""""""""""""
>> debug = 7
>> output = /Users/dave/Desktop/stunnel-test/sender-stunnel-output.log
>> foreground = yes
>> client = yes
>> connect = localhost:874
>> cert = /Users/dave/Desktop/stunnel-test/cert.pem
>> verify = 0
>> """""""""""""""""""
>> 
>> My stunnel-receiver.conf:
>> """""""""""""""""""
>> debug = 7
>> output = /Users/dave/Desktop/stunnel-test/receiver-stunnels-output.log
>> pid = /Users/dave/Desktop/stunnel-test/stunnel-rsyncd-stunnels.pid
>> cert = /Users/dave/Desktop/stunnel-test/cert.pem
>> verify = 0
>> delay = yes
>> exec = /Users/dave/Desktop/stunnel-test/rsync
>> execArgs = -vvvv --daemon --server --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .
>> foreground = yes
>> client = no
>> """""""""""""""""""
> 
> Hi,
> I think you should pay attention to the execArgs option, turn off the foreground mode and connect the client to the server (not localhost).
> 
> Regards.

Hello,

> pay attention to the execArgs option
What about the execArgs do you think is wrong?  If it’s the trailing dot then it’s something to do with rsync (detailed here <https://lists.samba.org/archive/rsync-cvs/2013-July/007296.html>).
As far as I can tell, Stunnel doesn’t even get as far as invoking the executable because it never manages to finish connecting.

> and connect the client to the server (not localhost).
The server *is* on localhost.  So is the client.  The logs show the server is on port 874 and the client connected from port 51362 on this occasion.

Further information: I’ve also tried Stunnel 4.57 and this fails in exactly the same way.

It also bothers me that the last log line mentions SSLv3 (server) and SSLv2/v3 (client)… but the manual says "Obsolete SSLv2 and SSLv3 are currently disabled by default”.  So why would they appear in the log?  I’ve even explicitly disabled them with addition of "options = NO_SSLv2" and  "options = NO_SSLv3” lines in the confs, but this makes no difference.

— Dave.






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160916/dbc7e174/attachment.html>

More information about the stunnel-users mailing list