I would guess that the key message in the log is:
0.0.0.0:443: Address already in use (98)
Check for some other software (or another stunnel instance) already listening
on port 443.
-- Mike
___
stunnel-users mailing list --
The message "Address already in use" indicates the core problem. Something
*else* is already attached to port 6661. Either another instance of stunnel, or
some system service.
-- Mike
2nd and third lines of the log suggest that the client end could not negotiate
a compatible encryption method, and your stunnel config appears to only have
GCM ciphers enabled. Do you have a very old client that can only do CBC mode
encryption?
-- Mike Spooner
Maybe failing because the cert is a *server* cert, not valid for verifying
clients. Certs contain a set of flags that specify what they can be used for,
might be worth checking whether your cert is valid for both verifying server
identity *and* for verifying client identity.
- Mike S
Javier,
On the logging front, stunnel logs for such an optional-STARTTLS MX-MX
connection could still be useful, eg: when the parties cannot agree on a cipher
spec, etc.
-- Mike
Hi Javier,
Because the MTA-MTA case differs from the MUA-MSA case, what we really would
need is another "protocol option" eg smtp-with-optional-starttls or perhaps a
shorter name like smtp-mx. It wouldn't be a general solution to try and
automatically distinguish solely by port-number.
josé,
The private-key file you have there is world-readable, which it most certainly
should NOT be.
Also, "www-data" is a group, not a user, so you MUST be very careful to make
sure that ONLY the web-server software can run as a member of that group and
that no other user or process can do
The fact that the log mentions an SSLv3 connection attempt, rather than
something more modern, might well indicate what you suspect - I would be very
surprised if the O365 email service still accepted SSLv3 connections.
-- Mike S
Hi Ian,
SMTP port 587 is for SMTP-with-STARTTLS, which is good. However, port 993 is
for IMAP-over-TLS, not IMAP-with-STARTTLS. You might have more luck with port
143 there (stunnel should do the STARTTLS bit for you, although it's always
worth making sure).
-- Mike
Oops, sorry, I meant that 'make cert' command, ie:
sudo make cert
-Mike
Hi,
I suspect that you need to run that 'make install' command as the root user
(ie: prefixed with sudo). As always, the usual care should be taken when acting
with root privileges.
-- Mike
Pedantically, port 25 is only for mailserver-to-mailserver communication (even
though it has often been abused for client-server mail-submission over the last
4 decades). Perhaps Google is being stricter now, and requires client SMTP
connection on port 587 these days?
-- Mike Spooner
Hi,
I could be way-off-base here, but from the log it looks like the CN of the
certificate has an extra leading space. Don't know if that really matters, but
is the kind of thing that upgraded openssl might have tightened-up on?
-- Mike
Hi Anton,
At a guess, this may be related to the recent hard-deprecation of TLS1.0 and
TLS1.1 by many of the large service-providers (eg: Google, MS, et al).
You might need to force TLS1.2 in stunnel.conf.
-Mike
"Cannot open log file: /var/log/stunnel.log" is the problem. File permissions.
Are you supposed to be running stunnel as a particular user, rather than as
yourself?
- Mike
On Thu, Dec 26, 2019 at 2:48 AM +, "Hanhan lee"
wrote:
I compiled stunnel4-5.50 with openssl
You may need to build OpenSSL with --enable-static too.
On Fri, Nov 1, 2019 at 8:42 AM +, "Chris Maciejewski"
wrote:
Hello,
I am trying to build stunnel 5.55 on Debian 9 x64 statically against latest
OpenSSL build from source. The system already has openssl and libssl ver.
Paul,
In the configuration screen of Outlook Express v6, try setting the POP server
to be 127.0.0.1
Regards,
Mike
On Thu, Jun 20, 2019 at 11:28 PM +0100, "David Yunker"
wrote:
To anybody who can help,
I am currently using Stunnel version 5.24. I cannot update
17 matches