[stunnel-users] stunnel ignoring config file for port binding

Tim Turner tim.turner at lmax.com
Sat Apr 18 11:13:13 CEST 2020


Config and logs below but redacted, this is running on 2016 server, if it matters I am starting it over an RDP session

I find that the port is ignored in the config file and it always binds to ports in the 23*** range







; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
;cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /stunnel.log

; Use it for client mode
client = yes

; Service-level configuration



[Service Config]
accept=127.0.0.1:40001
connect = redacted:443


log file

2020.04.18 10:08:18 LOG7[main]: Dispatching a signal from the signal pipe
2020.04.18 10:08:18 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG
2020.04.18 10:08:18 LOG7[main]: Running on Windows 6.2
2020.04.18 10:08:18 LOG5[main]: Reading configuration from file stunnel.conf
2020.04.18 10:08:18 LOG5[main]: UTF-8 byte order mark detected
2020.04.18 10:08:18 LOG7[main]: Compression disabled
2020.04.18 10:08:18 LOG7[main]: No PRNG seeding was required
2020.04.18 10:08:18 LOG6[main]: Initializing service [Service Config]
2020.04.18 10:08:18 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2020.04.18 10:08:18 LOG7[main]: TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
2020.04.18 10:08:18 LOG7[main]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2020.04.18 10:08:18 LOG7[main]: No certificate or private key specified



2020.04.18 10:08:18 LOG4[main]: Service [Digital-Prod-MTF-FIX-MD] needs authentication to prevent MITM attacks
2020.04.18 10:08:18 LOG5[main]: Configuration successful
2020.04.18 10:08:18 LOG7[main]: Deallocating section defaults
2020.04.18 10:08:18 LOG5[main]: Logging to C:\Users\turnert\AppData\Local\/stunnel.log
2020.04.18 10:08:18 LOG7[main]: Binding service [New Broker FIX Demo-Trading]
2020.04.18 10:08:18 LOG7[main]: Listening file descriptor created (FD=1296)
2020.04.18 10:08:18 LOG7[main]: Setting accept socket options (FD=1296)
2020.04.18 10:08:18 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2020.04.18 10:08:18 LOG6[main]: Service [New Broker FIX Demo-Trading] (FD=1296) bound to 127.0.0.1:23471
2020.04.18 10:08:18 LOG7[main]: Binding service [Service Config]



This message and its attachments are confidential, may not be disclosed or used by any person other than the addressee and are intended only for the named recipient(s). If you are not the intended recipient, please notify the sender immediately and delete any copies of this message.

LMAX Group is the holding company of LMAX Exchange, LMAX Global and LMAX Digital. Our registered address is Yellow Building, 1A Nicholas Road, London W11 4AN.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200418/97e062f4/attachment.htm>


More information about the stunnel-users mailing list