Hi,
This version can't connect to Hotmail/Live/Outlook POP3 with the same
configuration as 5.10. This is under Windows 2000, but it happens in XP too.
LOG3[1220]: SSL_connect: Peer suddenly disconnected
LOG5[1220]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
Configuration. The bottom lines ";" are from when I used to verify
the certs:
[pop3hotmailSSL]
client = yes
accept = 127.0.0.1:56417
connect = pop3.live.com:995
; CAfile = peer-cert\peer-pop3hotmailSSL.pem
; verify = 3
Could it be because they use RC4-MD5 and, after the new FREAK attack, you
(or OpenSSL) removed the option of weak ciphers, even though you don't
mention it in the changelog?
Just guessing.
I attach both logs to compare, even though they don't tell too much. Up to
the connection, "all" is the same except the OpenSSL version.
Regards.
==================== 5.11
LOG7[1152]: No limit detected for the number of clients
LOG5[1152]: stunnel 5.11 on x86-pc-msvc-1500 platform
LOG5[1152]: Compiled/running with OpenSSL 1.0.2 22 Jan 2015
LOG5[1152]: Threading:WIN32 Sockets:SELECT,IPv4 TLS:ENGINE,FIPS,OCSP,PSK,SNI
LOG7[1152]: errno: (*_errno())
LOG7[1112]: GUI message loop initialized
LOG5[1152]: Reading configuration from file stunnel.conf
LOG5[1152]: UTF-8 byte order mark not detected
LOG5[1152]: FIPS mode disabled
LOG7[1152]: Compression disabled
LOG7[1152]: Snagged 64 random bytes from C:/.rnd
LOG7[1152]: Wrote 1024 new random bytes to C:/.rnd
LOG7[1152]: PRNG seeded successfully
LOG6[1152]: Initializing service [pop3hotmailSSL]
LOG7[1152]: No private key specified
LOG7[1152]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
LOG5[1152]: Configuration successful
LOG7[1152]: Listening file descriptor created (FD=348)
LOG7[1152]: Service [pop3hotmailSSL] (FD=348) bound to 127.0.0.1:56417
LOG7[1152]: Service [pop3hotmailSSL] accepted (FD=460) from 127.0.0.1:5411
LOG7[1152]: Creating a new thread
LOG7[1152]: New thread created
LOG7[1220]: Service [pop3hotmailSSL] started
LOG5[1220]: Service [pop3hotmailSSL] accepted connection from 127.0.0.1:5411
LOG6[1220]: s_connect: connecting 134.170.170.231:995
LOG7[1220]: s_connect: s_poll_wait 134.170.170.231:995: waiting 10 seconds
LOG5[1220]: s_connect: connected 134.170.170.231:995
LOG5[1220]: Service [pop3hotmailSSL] connected remote server from xxx.xxx.xxx.xxx:5413
LOG7[1220]: Remote socket (FD=656) initialized
LOG6[1220]: SNI: sending servername: pop3.live.com
LOG7[1220]: SSL state (connect): before/connect initialization
LOG7[1220]: SSL state (connect): SSLv2/v3 write client hello A
LOG3[1220]: SSL_connect: Peer suddenly disconnected
LOG5[1220]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
LOG7[1220]: Remote socket (FD=656) closed
LOG7[1220]: Local socket (FD=460) closed
LOG7[1220]: Service [pop3hotmailSSL] finished (0 left)
==================== 5.10
LOG7[1132]: No limit detected for the number of clients
LOG5[1132]: stunnel 5.10 on x86-pc-msvc-1500 platform
LOG5[1132]: Compiled/running with OpenSSL 1.0.1l 15 Jan 2015
LOG5[1132]: Threading:WIN32 Sockets:SELECT,IPv4 TLS:ENGINE,FIPS,OCSP,PSK,SNI
LOG7[1132]: errno: (*_errno())
LOG5[1132]: Reading configuration from file stunnel.conf
LOG7[1108]: GUI message loop initialized
LOG5[1132]: UTF-8 byte order mark not detected
LOG5[1132]: FIPS mode disabled
LOG7[1132]: Compression disabled
LOG7[1132]: Snagged 64 random bytes from C:/.rnd
LOG7[1132]: Wrote 1024 new random bytes to C:/.rnd
LOG7[1132]: PRNG seeded successfully
LOG6[1132]: Initializing service [pop3hotmailSSL]
LOG7[1132]: No private key specified
LOG7[1132]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
LOG5[1132]: Configuration successful
LOG7[1132]: Listening file descriptor created (FD=348)
LOG7[1132]: Service [pop3hotmailSSL] (FD=348) bound to 127.0.0.1:56417
LOG7[1132]: Service [pop3hotmailSSL] accepted (FD=460) from 127.0.0.1:5416
LOG7[1132]: Creating a new thread
LOG7[1132]: New thread created
LOG7[1208]: Service [pop3hotmailSSL] started
LOG5[1208]: Service [pop3hotmailSSL] accepted connection from 127.0.0.1:5416
LOG6[1208]: s_connect: connecting 134.170.170.231:995
LOG7[1208]: s_connect: s_poll_wait 134.170.170.231:995: waiting 10 seconds
LOG5[1208]: s_connect: connected 134.170.170.231:995
LOG5[1208]: Service [pop3hotmailSSL] connected remote server from xxx.xxx.xxx.xxx:5418
LOG7[1208]: Remote socket (FD=652) initialized
LOG6[1208]: SNI: sending servername: pop3.live.com
LOG7[1208]: SSL state (connect): before/connect initialization
LOG7[1208]: SSL state (connect): SSLv2/v3 write client hello A
LOG7[1208]: SSL state (connect): SSLv3 read server hello A
LOG7[1208]: SSL state (connect): SSLv3 read server certificate A
LOG7[1208]: SSL state (connect): SSLv3 read server done A
LOG7[1208]: SSL state (connect): SSLv3 write client key exchange A
LOG7[1208]: SSL state (connect): SSLv3 write change cipher spec A
LOG7[1208]: SSL state (connect): SSLv3 write finished A
LOG7[1208]: SSL state (connect): SSLv3 flush data
LOG7[1208]: SSL state (connect): SSLv3 read finished A
LOG7[1208]: 1 items in the session cache
LOG7[1208]: 1 client connects (SSL_connect())
LOG7[1208]: 1 client connects that finished
LOG7[1208]: 0 client renegotiations requested
LOG7[1208]: 0 server connects (SSL_accept())
LOG7[1208]: 0 server connects that finished
LOG7[1208]: 0 server renegotiations requested
LOG7[1208]: 0 session cache hits
LOG7[1208]: 0 external session cache hits
LOG7[1208]: 0 session cache misses
LOG7[1208]: 0 session cache timeouts
LOG7[1208]: Peer certificate was cached (3518 bytes)
LOG6[1208]: SSL connected: new session negotiated
LOG6[1208]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
LOG7[1208]: Compression: null, expansion: null
LOG6[1208]: SSL socket closed (SSL_read)
LOG7[1208]: Sent socket write shutdown
LOG5[1208]: Connection closed: 71 byte(s) sent to SSL, 2811 byte(s) sent to socket
LOG7[1208]: Remote socket (FD=652) closed
LOG7[1208]: Local socket (FD=460) closed
LOG7[1208]: Service [pop3hotmailSSL] finished (0 left)
_______________________________________________
stunnel-users mailing list
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
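
Added example (not part of the original post, and not stunnel project code): a small Python helper that compares two stunnel debug logs like the ones above, ignoring thread IDs, and reports where the handshake of the failing run stops relative to the working run. The function names are made up for this example; the sample lines are excerpted from the two logs in the post.

```python
import re

# stunnel debug lines look like: LOG<syslog level>[<thread id>]: <message>
LINE = re.compile(r"^LOG(\d)\[(\d+)\]: (.*)$")
STATE = re.compile(r"^SSL state \((?:connect|accept)\): (.*)$")
CIPHER = re.compile(r"^Negotiated (\S+) ciphersuite (\S+)")

def summarize(log_text):
    """Collect handshake states, negotiated suite and first error of one log."""
    states, cipher, error = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines, separators, etc.
        level, msg = int(m.group(1)), m.group(3)
        s = STATE.match(msg)
        if s:
            states.append(s.group(1))
        c = CIPHER.match(msg)
        if c:
            cipher = (c.group(1), c.group(2))
        if level <= 3 and error is None:  # syslog level 3 (err) or worse
            error = msg
    return {"states": states, "cipher": cipher, "error": error}

def first_divergence(good_log, bad_log):
    """Return (next state in good run, next state in bad run) at the first
    position where the two handshake state sequences differ."""
    g = summarize(good_log)["states"]
    b = summarize(bad_log)["states"]
    i = 0
    while i < len(g) and i < len(b) and g[i] == b[i]:
        i += 1
    return (g[i] if i < len(g) else None, b[i] if i < len(b) else None)

# Excerpts from the 5.11 (failing) and 5.10 (working) logs in the post.
LOG_511 = """LOG7[1220]: SSL state (connect): before/connect initialization
LOG7[1220]: SSL state (connect): SSLv2/v3 write client hello A
LOG3[1220]: SSL_connect: Peer suddenly disconnected
"""
LOG_510 = """LOG7[1208]: SSL state (connect): before/connect initialization
LOG7[1208]: SSL state (connect): SSLv2/v3 write client hello A
LOG7[1208]: SSL state (connect): SSLv3 read server hello A
LOG6[1208]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
"""

if __name__ == "__main__":
    print(first_divergence(LOG_510, LOG_511))
    print(summarize(LOG_511)["error"], summarize(LOG_510)["cipher"])
```

On these excerpts the 5.11 run ends right after the ClientHello is written, before any ServerHello is read, while the 5.10 run goes on to negotiate TLSv1 with RC4-MD5.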