[stunnel-users] Re: Inbound and outbound connection on same PC?

On Wed, 14 Jun 2023 07:04:22 +0200 d3rIIIe15ter Tier wrote: > Thanks Javier - one difference below in red: - does that change > things? > > [...] > > Linux PC connects to server using an Stunnel client service > Linux PC acts as an SQL server creating a secure connect

[stunnel-users] Re: Inbound and outbound connection on same PC?

On Tue, 13 Jun 2023 04:25:11 - trashra...@gmail.com wrote: > 3. What is the correct route I should take? Server offering secure connection ^ | Linux PC connects to server using an Stunnel client service Linux PC acts as an SQL server creating a secure connection with an Stunnel

[stunnel-users] Re: blat, stunnel, and gmail with an app password

Hi, > I see when I set up this computer to with blat-stunnel-gmail, that > I ran a line with blat.exe to store the gmail password. I don't > see a way to store an app password, but blat is old. App password == normal password Google is requesting to use, instead your account password, a

[stunnel-users] Re: Stunnel Consulting

On Fri, 9 Sep 2022 18:30:58 + Gary Jackson wrote: > I am looking for someone to assist with an stunnel configuration on > windows that will accept TLS1.2 connections and then send them > unencrypted to an IP and port. I would need to get it working > within the next week or so and am

[stunnel-users] Re: recent Problem sending email via Blat

On Wed, 25 May 2022 16:44:35 + Phillip Parker wrote: > [ssmtp] > accept = 127.0.0.1:25 > connect = smtp.live.com:587 Hi, it is already long ago that the smtp server for Hotmail and Outlook accounts/mail service stopped being smtp.live.com and became smtp-mail.outlook.com:

[stunnel-users] Re: [SPAM] Is stunnel really compliant with RFC 2487 / RFC 3207 ?

On Thu, 12 May 2022 09:18:19 + (UTC) Mike Spooner wrote: > Is there anyone else on the list wanting to use stunnel for MX-MX > communication? Hi, probably not, just me ;) I just made an assumption and now all is clear :) Regards. ___

[stunnel-users] Re: Is stunnel really compliant with RFC 2487 / RFC 3207 ?

On Thu, 12 May 2022 05:23:07 + (UTC) Micha__ Trojnara via stunnel-users wrote: > Hi Javier, > > stunnel is an encryption tool, and *not* a MUA/MTA, Hi Micha__, I haven't said that it is any kind of mail sever. I know is just the tool to encrypt the traffic, after years I sh

[stunnel-users] Is stunnel really compliant with RFC 2487 / RFC 3207 ?

Hi, first of all, I still use a 32-bit release (the latest, I think), so maybe things have changed on Stunnel since. But the statement that the protocol smtp option for a service is compliant with RFC 2487, should be 3207 (it is from 2002!), has been in the docs for ages, even in the latest

[stunnel-users] Re: Office 365 connections stopped working

On Fri, 26 Nov 2021 02:57:56 +0100 Javier wrote: > Michal, at the time of writting this, the web interface for the > mailing lists gives a not found error. That is not true. Is working, sorry, I just re-sent, a month later, without further e

[stunnel-users] Re: Office 365 connections stopped working

Michal, at the time of writting this, the web interface for the mailing lists gives a not found error. On Tue, 26 Oct 2021 15:13:22 + (UTC) Mike Spooner wrote: > The fact that the log mentions an SSLv3 connection attempt, rather > than something more modern, might well indicate what you

[stunnel-users] Re: Disguising HTTP 503 services unavailable

On Fri, 17 Sep 2021 11:32:01 +0900 Haruka Takagi wrote: > Thank you for your reply. > > I meant 503 service unavailable response to stunnel client's CONNECT > request, not to original sender's GET or POST request. I hope that > stunnel clients retry CONNECT after 503. > > I tried "retry = yes"

[stunnel-users] Re: How to resolve DNS by stunnel?

On Tue, 14 Sep 2021 04:25:21 - sh...@smart-cast.co.jp wrote: > Hi, I'm facing DNS issues when connecting to a server using a > dynamic IP address. I think stunnel refers to DNS at startup, so if > the IP address changes in the middle, it will get a connection > error. Can this be resolved

[stunnel-users] Re: Unexpected socket close while sending mail

On Thu, 22 Jul 2021 15:35:56 - zf...@gmx.de wrote: > But as soon I want to send a mail my mail program tries for > 10-15s to send an then gives up. > > [...] > > protocol = smtp > > [...] > > I get exactly the same problem with Mac OS 10.9 and Thunderbird as > email client. The above post was

[stunnel-users] Re: Questions about two host connection using stunnel

On Sat, 24 Apr 2021 03:08:48 - yf...@seas.upenn.edu wrote: > Thanks for your help Javier. Your instructions really help me > building the simple stunnel. > > I am wondering whether it is possible to build a bi-directional > stunnel. Hi, in every connection there is already a

[stunnel-users] Re: Questions about two host connection using stunnel

On Thu, 22 Apr 2021 23:15:19 - yf...@seas.upenn.edu wrote: > Also, I am kind of confused how to run stunnel between server and > client. Hi, App connects to port 123 ---> plain text ---> Stunnel *client* *accepts* on port 123 ---> *connects* to port 456 ---> encrypted traffic ---> Stunnel

[stunnel-users] Re: Seeing Message in Plain Text in Wireshark

Sorry, I replied to your address instead my mistake :S On Wed, 27 Jan 2021 21:11:53 + David Brower wrote: > I updated the TCP client to send the message to port 13001 but when > I check Wireshark I can still see the contents of the message in > plaintext. Shouldn't I no longer be able to

[stunnel-users] Re: Can't Connect To Gmail

Hi, Except for verification, that it always has been a pain unless you control de CA and the peers with certificate that connect to you, and so I haven't set them as you, it works for me. Also I force TLS 1.2, but it is unnecessary as Google already negotiates 1.2 if you remove that from the

Re: [stunnel-users] Need help connecting Eudora to mail servers

On Wed, 27 May 2020 11:58:21 -0400 "Phil Smith III" wrote: > Eudora error (Personality is named just "y" since it's just a test): > -- > y, Logging into POP Server, PASS [11:33:29 AM] > There has been an error transferring your mail. I said: PASS > and then the POP server > (y_phsiii@127.0.0.1)

Re: [stunnel-users] Need help connecting Eudora to mail servers

On Tue, 26 May 2020 10:35:13 -0400 "Phil Smith III" wrote: > Well, for what it's worth, I tried and also couldn't get this to > work. I stand by my supposition that it's because Yahoo implemented > SPA > and Eudora doesn't do that.

Re: [stunnel-users] Windows Server 2003 issues with stunnel, TLS 1.2 on website(s)

On Thu, 27 Feb 2020 00:12:28 +0100 Javier wrote: > Public IP:443 > Stunnel keep listening on (ie: 10.0.1.110)442 > (NAPTed) and redirecto to ISS(10.0.1.11):80 Oops, a little typo. Where it says (ie: 10.0.1.110)442 should say (ie: 10.0.1.110)443. In that second example, it is if y

Re: [stunnel-users] Windows Server 2003 issues with stunnel, TLS 1.2 on website(s)

Hi, You just need to forget about IIS secure port as it won't be used anymore and it will be managed by Stunnel and redirect to port 80. Or you can go the other way around; setup a second IP to the network device and NAT to it (I'm guessing is what you are doing through a router) instead the IP

Re: [stunnel-users] feature ? authorizing only given certificates ?

On Wed, 10 Jul 2019 16:01:31 + (UTC) "fmgre-d...@yahoo.fr" wrote: > Hello > My european organization is using a certificate chain which signs tens of > thousands of user certificates. > My local organization counts 300 users ...  and i only want these 300 to get > in the IT system. > I'd

Re: [stunnel-users] Latest Stunnel for Windows XP

On Mon, 24 Jun 2019 19:21:26 + David Yunker wrote: > To whom it may concern, > > What was the last version of stunnel that worked on Windows XP? > > Thanks for the info. Hi, the latest (should, as didn't test) while XP is in 64-bit, otherwise, if it is 32-bit XP, 5.49. Regards.

Re: [stunnel-users] No more addresses to connect

Hi, That error happens when there aren't more connect options in the service section and it isn't unable to connect to that/those destination/s. In other words, for whatever reason it can't connect to that IP. That is a common error if you block outbounds connections in your firewall. Regards.

Re: [stunnel-users] older browsers, stunnel and privoxy

On Fri, 21 Dec 2018 13:58:35 +0200 Peter Pentchev wrote: > Hm, there's no reason why stunnel would not work like that for > a predetermined set of hosts with known addresses. Hi, I'm just trying to avoid encouraging him on keep with his first idea of browsing through Stunnel, with, or without

Re: [stunnel-users] older browsers, stunnel and privoxy

On Thu, 20 Dec 2018 14:18:10 +0100 kovacs janos wrote: > thank you for the explanation, but if a proxy cant read the traffic > encrypted by stunnel, that means even if the set of possible hostnames > are given, the destination server could not read the request unless > there is another stunnel

Re: [stunnel-users] older browsers, stunnel and privoxy

On Sat, 15 Dec 2018 21:54:33 +0100 kovacs janos wrote: > "Because the proxy is to be told where to connect and receives a > direct secure handshake." > > is that necessary even if stunnel is told to not verify the connections? > ''If no verify argument is given, then stunnel will ignore any >

Re: [stunnel-users] older browsers, stunnel and privoxy

Hi, You are getting around and around and you don't get it. Yes, stunnel, after all, is a proxy, as acts as an intermediate (end of proxy definition), but is not a proxy as you understand it. While all proxy servers act as a funnel (wide side accepts inbound connections and tight for outbound

Re: [stunnel-users] [EXTERNAL] Re: Stunnel connection issue?

On Mon, 9 Jul 2018 12:26:08 + Daniel Trickett wrote: > > Will, > > I was told to ignore the SSLv3 stuff in the log. I have options set > to allow only TLS1.2 and still see SSLv3 references in the log. > > Best regards, > > Dan Hi, in fact, the version can be disclosed from following

Re: [stunnel-users] stunnel 5.47 released

On Sat, 23 Jun 2018 08:10:21 +0200 Michal Trojnara wrote: > * Bugfixes > - Fixed a crash on switching to SNI slave sections. Hi, Looks like it got fixed ;) Thanks to the other users for the help in confirming. Regards. ___ stunnel-users mailing

[stunnel-users] Stunnel 5.45 and 5.46 crashes upon reconnect HTTPS

Hi, isn't annoying when you are using an old version, 5.44, and all goes fine, you notice you are outdated and then comes the problems after update? :-P The thing is that yesterday I needed the HTTPS server so I run Stunnel 5.44 for my non-SSL app and all was fine. I updated to 5.46 just

Re: [stunnel-users] proxy with authentication

Why would he use the protocol option, when is for HTTP when... ? > to overcome a proxy server which allows only http and https Or I totally misunderstood, but my guess was that he was trying to use other kind of service through the proxy server. I guess, now, that I totally misunderstood. No

Re: [stunnel-users] proxy with authentication

Hi, If your network is set up to pass all traffic through a proxy, without a gateway set on clients, you won't be able to use anything that the proxy server isn't configured for. Have in mind, anyway, that Stunnel doesn't act as a proxy and the purpose isn't to connect dinamically to different

Re: [stunnel-users] Possible memory leak with stunnel reload

Hi, I confirm it using 5.44. In my case in fact is 200KB, but as I have a big stunnel.conf file with quite a few client services ;), hence, the difference. Should be fixed, but, in the other hand... why continuous reloading? I reload when I make changes and that happens from never to less

Re: [stunnel-users] stunnel 5.39 released

On Sun, 1 Jan 2017 23:43:31 +0100 Michał Trojnara wrote: > * New features > - PKCS#11 engine (pkcs11.dll) added to the Win32 build. Hi, You are going to forgive me, but, wasn't this already included? It surprised to me that the 31st of December was asked in

Re: [stunnel-users] stunnel 5.38 released

On Wed, 30 Nov 2016 09:36:39 +0100 Małgorzata Olszówka <go...@olszowka.net> wrote: > Hello Javier, > I tried to replicate this bug, but I couldn't. Could you show me your > activities step-by-step? The log messages can be also helpful. Hi, just as I explained. There is

Re: [stunnel-users] stunnel 5.38 released

Hi there. Dumb error I just found. Dumb because I just found it and maybe it was earlier among us. Or maybe it is "a feature". But I'd swear it worked as expected in the past. Testing the new SNI option I made a mistake and I had to edit and reload the configuration file. Nothing strange until

[stunnel-users] Broadband and stunnel weird behavior

Hi, I was in doubt if post this or not because I couldn't replicate with enough similarities. But as it may be worth, if it is an actual bug, or help others... why not? Here I have to say that it is more noticeable under Windows 2000. That doesn’t mean doesn’t happen on higher OSs, but, from XP,

Re: [stunnel-users] stunnel 5.18 may keep high CPU usage

On Tue, 16 Jun 2015 16:40:53 +0200 Michal Trojnara michal.trojn...@mirt.net wrote: On 14.06.2015 21:13, Javier wrote: An user option maybe, to set fixed or random, but random by default? Just an idea. This is how it's implemented. You can add your own (fixed) DH parameters to your

Re: [stunnel-users] stunnel 5.18 may keep high CPU usage

On Sun, 14 Jun 2015 06:59:52 +0200 Michal Trojnara michal.trojn...@mirt.net wrote: After 1 minute of running stunnel running in server mode starts computing new DH parameters. This usually takes a few minutes depending on your hardware. The process is repeated every 24 hours. Hi,

Re: [stunnel-users] stunnel 5.18 may keep high CPU usage

On 14/06/15, you wrote in gmane.network.stunnel.user: I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes... Mike Hi, No, of course not. I understood that you did this for security

Re: [stunnel-users] stunnel 5.11 released

Hi, This version can't connect to Hotmail/Live/Outlook POP3 with the same configuration as 5.10. Under Windows 2000, but happens in XP too. LOG3[1220]: SSL_connect: Peer suddenly disconnected LOG5[1220]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket Configuration. The bottom

Re: [stunnel-users] Blue Iris

On Thu, 22 Jan 2015 13:13:12 -0500 Patrick wickline patwic...@gmail.com wrote: I have stunnel set up on my machine. It works locally and lets me connect to my Blue Iris server with https. However, I am unable to do this remotely. I have forwarded the port in my router to stunnel, from

Re: [stunnel-users] No DNS lookup?

Hi, As Ludof said, you may be trying to connect to a virtual web server and, or it is a very basic web server, or has some misconfiguration, because I use myself an old tiny web server that handles virtual severs without any problems. Make sure your web server can read the Host HTTP header, and,

Re: [stunnel-users] Window not updating (win32 5.05)

On Wed, 15 Oct 2014 22:53:16 +0200 Michal Trojnara michal.trojn...@mirt.net wrote: Javier wrote: just reporting that with the latest version the window doesn't get updated when there is activity. It is static. You have to minimize to tray and restore again to view the activity, what

Re: [stunnel-users] Syringe

On Mon, 21 Apr 2014 09:14:40 +0200 Michal Trojnara michal.trojn...@mirt.net wrote: Hi Guys, I'm glad to announce syringe, a service for testing client-side heartbleed. It allows to easily examine most of the obscure TLS clients (for example embedded devices). The service is available

Re: [stunnel-users] stunnel 5.00 released

Hi, I missed another entry in log. The last line looks like an error. No limit detected for the number of clients stunnel 5.00 on x86-pc-msvc-1500 platform Compiled/running with OpenSSL 1.0.1f-fips 6 Jan 2014 Threading:WIN32 Sockets:SELECT,IPv4 SSL:ENGINE,OCSP,FIPS errno: (*_errno())

Re: [stunnel-users] error invalid stunnel.conf - No limit of clients

On Mon, 09 Dec 2013 09:35:49 +0100 Michal Trojnara michal.trojn...@mirt.net wrote: On 12/08/2013 04:16 AM, Javier wrote: The problem is that client = yes is not a global option anymore. The default is client = no for any service unless yes is specified. Not really. If you specify

Re: [stunnel-users] Sending Email Without Authentication with gmail

On Fri, 28 Jun 2013 09:07:22 -0500 Stephen Gates sga...@hkscholz.com wrote: I downloaded the old argosoft freeware and it works! Praise God! Hi, Nice to read that :) Just to clear it, about your previous message, the static IP I meant is the provided by your ISP. The known as public IP