[stunnel-users] Help in setting stunnel in client mode to connect webservice in mutual authentication

Chokkalingam, Jothish jothish.chokkalingam at accenture.com
Fri Apr 28 09:30:49 CEST 2017


Hi
Can you help in sorting it out below scenario
We have a URL whose TLS is 1.0 and now it is being upgraded to 1.2. Since the current application doesn't support V1.0 I am planning to use stunnel in between to fix the gap. Can you help if my below config is correct or not. The communication between client and server is MASSL(mutual authentication SSL)

[Billpay46200]
client = yes
CApath = /apps/bss/CCBTrustStore-->trust store where the remote webservice certificates are stored in cert format
accept = 46200-->port configured from client machine to connect using http
connect =  xxx.in.xxx.com.au:46200-->port where the incoming http request need to be changed from http to https
cert = /stunnel/bin/client.pem-->identity certificate used for client
key = /stunnel/bin/key.pem-->corresponding key for the above identity certificate.
While hitting using the URL http://localhost:46200 it is shown in stunnel log as below
2017.04.28 17:17:51 LOG5[2627:3]: Billpay46200 accepted connection from 127.0.0.1:58382
2017.04.28 17:17:51 LOG5[2627:3]: Billpay46200 connected remote server from 10.116.194.24:58383
2017.04.28 17:17:51 LOG3[2627:3]: SSL_connect: Peer suddenly disconnected
2017.04.28 17:17:51 LOG5[2627:3]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Thanks and Regards,
Jothish
TIBCO TSD
Ph. : +91 44 39263958
Mobile : +91 9884040171
Support : +91 9962007110
OC : jothish.chokkalingam
Group mail:- Telstra.psm.tsd.tibco at accenture.com

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170428/fb04ef3f/attachment.html>


More information about the stunnel-users mailing list