[stunnel-users] S-tunnel will not send TLS

Jan Falk jan.falk at sll.se
Fri Mar 13 12:19:16 CET 2020 

Thanks Peter for a quick reply.
Yes we have a connection with reciving server, in wireshark I can see that vi get three ack:s on establishment. As I understand it, on third Ack the TLS is supposed to be sent, but instead my Stunnel halts on 10 sek. And there I stand.....
The reciving server is not reply to non-crypted communication.
//Janne


-----Ursprungligt meddelande-----
Från: Peter Pentchev <roam at ringlet.net> 
Skickat: den 13 mars 2020 11:44
Till: Jan Falk <jan.falk at sll.se>
Kopia: stunnel-users at stunnel.org
Ämne: Re: [stunnel-users] S-tunnel will not send TLS

On Fri, Mar 13, 2020 at 09:42:27AM +0000, Jan Falk wrote:
> Hi.
> Can someone tell me why Stunnel stops at wating 10s? Log:
> 
> 2020.03.12 09:43:36 LOG6[main]: Initializing service 
> [x3_x4_DICOM_BFT_client]
[snip]
> 2020.03.12 09:44:37 LOG7[0]: Service [x3_x4_HL7_BFT_client] started
> 2020.03.12 09:44:37 LOG7[0]: Setting local socket options (FD=508)
> 2020.03.12 09:44:37 LOG7[0]: Option TCP_NODELAY set on local socket
> 2020.03.12 09:44:37 LOG5[0]: Service [x3_x4_HL7_BFT_client] accepted 
> connection from 127.0.0.1:50299
> 2020.03.12 09:44:37 LOG6[0]: s_connect: connecting 10.67.6.106:6161
> 2020.03.12 09:44:37 LOG7[0]: s_connect: s_poll_wait 10.67.6.106:6161: 
> waiting 10 seconds

Have you made sure that there is something listening on port 6161 of the 10.67.6.106 host and that the host that stunnel is running on can establish a connection to it? No firewalls, no routing problems or anything like that?

What happens if you run - on the host that stunnel runs on - this:

  nc -v -z 10.67.6.106 6161

...and also, if stunnel is supposed to establish a secure connection to that host (that is, if stunnel is working in client mode):

  openssl s_client -connect 10.67.6.106:6161

The first command should exit immediately and tell you that a TCP connection was established successfully; the second one should also try to negotiate a TLS connection and show you what the server on the other side tells you after the connection has been established.

G'luck,
Peter

--
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

More information about the stunnel-users mailing list