My Stunnel client gets to this point, then hangs indefinitely:
SSL state (connect): SSLv2/v3 write client hello A
Is this a fault with Stunnel or is it something I’m doing wrong?



Full client-side output:
"""""""""""""""""""
Last login: Wed Sep 14 06:50:40 on ttys004
Daves-MBP-2016:~ dave$ /Users/dave/Desktop/stunnel-test/stunnel /Users/dave/Desktop/stunnel-test/stunnel-sender.conf
2016.09.14 06:54:35 LOG7[ui]: Clients allowed=125
2016.09.14 06:54:35 LOG7[cron]: Cron thread initialized
2016.09.14 06:54:35 LOG5[ui]: stunnel 5.35 on x86_64-apple-darwin15.4.0 platform
2016.09.14 06:54:35 LOG5[ui]: Compiled with OpenSSL 0.9.8zd 8 Jan 2015
2016.09.14 06:54:35 LOG5[ui]: Running  with OpenSSL 0.9.8zh 14 Jan 2016
2016.09.14 06:54:35 LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
2016.09.14 06:54:35 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI
2016.09.14 06:54:35 LOG7[ui]: errno: (*__error())
2016.09.14 06:54:35 LOG5[ui]: Reading configuration from file /Users/dave/Desktop/stunnel-test/stunnel-sender.conf
2016.09.14 06:54:35 LOG5[ui]: UTF-8 byte order mark not detected
2016.09.14 06:54:35 LOG7[ui]: Compression disabled
2016.09.14 06:54:35 LOG7[ui]: Snagged 64 random bytes from /Users/dave/.rnd
2016.09.14 06:54:35 LOG7[ui]: Wrote 1024 new random bytes to /Users/dave/.rnd
2016.09.14 06:54:35 LOG7[ui]: PRNG seeded successfully
2016.09.14 06:54:35 LOG6[ui]: Initializing inetd mode configuration
2016.09.14 06:54:35 LOG6[ui]: Loading certificate from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: Certificate loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: Loading private key from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG4[ui]: Insecure file permissions on /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: Private key loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG7[ui]: Private key check succeeded
2016.09.14 06:54:35 LOG4[ui]: Service [stunnel] needs authentication to prevent MITM attacks
2016.09.14 06:54:35 LOG7[ui]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2016.09.14 06:54:35 LOG5[ui]: Configuration successful
2016.09.14 06:54:35 LOG7[ui]: Service [stunnel] started
2016.09.14 06:54:35 LOG5[ui]: Service [stunnel] accepted connection
2016.09.14 06:54:35 LOG6[ui]: failover: round-robin, starting at entry #0
2016.09.14 06:54:35 LOG6[ui]: s_connect: connecting ::1:874
2016.09.14 06:54:35 LOG7[ui]: s_connect: s_poll_wait ::1:874: waiting 10 seconds
2016.09.14 06:54:35 LOG5[ui]: s_connect: connected ::1:874
2016.09.14 06:54:35 LOG5[ui]: Service [stunnel] connected remote server from ::1:51362
2016.09.14 06:54:35 LOG7[ui]: Option TCP_NODELAY set on remote socket
2016.09.14 06:54:35 LOG7[ui]: Remote descriptor (FD=3) initialized
2016.09.14 06:54:35 LOG6[ui]: SNI: sending servername: localhost
2016.09.14 06:54:35 LOG6[ui]: Peer certificate not required
2016.09.14 06:54:35 LOG7[ui]: SSL state (connect): before/connect initialization
2016.09.14 06:54:35 LOG7[ui]: SSL state (connect): SSLv2/v3 write client hello A
^C
Daves-MBP-2016:~ dave$ 
"""""""""""""""""""


My stunnel-sender.conf:
"""""""""""""""""""
debug = 7
output = /Users/dave/Desktop/stunnel-test/sender-stunnel-output.log
foreground = yes
client = yes
connect = localhost:874
cert = /Users/dave/Desktop/stunnel-test/cert.pem
verify = 0
"""""""""""""""""""


My stunnel-receiver.conf:
"""""""""""""""""""
debug = 7
output = /Users/dave/Desktop/stunnel-test/receiver-stunnels-output.log
pid = /Users/dave/Desktop/stunnel-test/stunnel-rsyncd-stunnels.pid
cert = /Users/dave/Desktop/stunnel-test/cert.pem
verify = 0
delay = yes
exec = /Users/dave/Desktop/stunnel-test/rsync
execArgs = -vvvv --daemon --server --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .
foreground = yes
client = no
"""""""""""""""""""


My receiver-error.log:
"""""""""""""""""""
2016.09.14 06:54:35 LOG7[ui]: Clients allowed=125
2016.09.14 06:54:35 LOG7[cron]: Cron thread initialized
2016.09.14 06:54:35 LOG5[ui]: stunnel 5.35 on x86_64-apple-darwin15.4.0 platform
2016.09.14 06:54:35 LOG5[ui]: Compiled with OpenSSL 0.9.8zd 8 Jan 2015
2016.09.14 06:54:35 LOG5[ui]: Running  with OpenSSL 0.9.8zh 14 Jan 2016
2016.09.14 06:54:35 LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
2016.09.14 06:54:35 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI
2016.09.14 06:54:35 LOG7[ui]: errno: (*__error())
2016.09.14 06:54:35 LOG5[ui]: Reading configuration from file /Users/dave/Desktop/stunnel-test/stunnel-receiver.conf
2016.09.14 06:54:35 LOG5[ui]: UTF-8 byte order mark not detected
2016.09.14 06:54:35 LOG7[ui]: Compression disabled
2016.09.14 06:54:35 LOG7[ui]: Snagged 64 random bytes from /dev/urandom
2016.09.14 06:54:35 LOG7[ui]: PRNG seeded successfully
2016.09.14 06:54:35 LOG6[ui]: Initializing inetd mode configuration
2016.09.14 06:54:35 LOG6[ui]: Loading certificate from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: Certificate loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: Loading private key from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG4[ui]: Insecure file permissions on /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: Private key loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG7[ui]: Private key check succeeded
2016.09.14 06:54:35 LOG7[ui]: DH initialization
2016.09.14 06:54:35 LOG7[ui]: Using DH parameters from /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.14 06:54:35 LOG6[ui]: 2048-bit DH parameters loaded
2016.09.14 06:54:35 LOG7[ui]: ECDH initialization
2016.09.14 06:54:35 LOG7[ui]: ECDH initialized with curve prime256v1
2016.09.14 06:54:35 LOG7[ui]: SSL options: 0x03004004 (+0x03004000, -0x00000000)
2016.09.14 06:54:35 LOG5[ui]: Configuration successful
2016.09.14 06:54:35 LOG7[ui]: Service [stunnel] started
2016.09.14 06:54:35 LOG7[ui]: Option TCP_NODELAY set on local socket
2016.09.14 06:54:35 LOG5[ui]: Service [stunnel] accepted connection from ::1:51362
2016.09.14 06:54:35 LOG6[ui]: Peer certificate not required
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): before/accept initialization
2016.09.14 06:54:35 LOG7[ui]: SNI: no virtual services defined
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 read client hello A
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 write server hello A
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 write certificate A
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 write certificate request A
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 flush data
2016.09.14 06:54:40 LOG3[ui]: SSL_accept: Peer suddenly disconnected
2016.09.14 06:54:40 LOG5[ui]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.09.14 06:54:40 LOG7[ui]: Deallocating application specific data for addr index
2016.09.14 06:54:40 LOG7[ui]: Service [stunnel] finished (0 left)
"""""""""""""""""""



The server-side-Stunnel is invoked via launchd using this LaunchDaemon (but 
this seems to be working okay — I think):
"""""""""""""""""""
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabled</key>
        <false/>
        <key>StandardErrorPath</key>
        <string>/Users/dave/Desktop/stunnel-test/receiver-error.log</string>
        <key>StandardOutPath</key>
        <string>/Users/dave/Desktop/stunnel-test/receiver-out.log</string>
        <key>Label</key>
        <string>com.stunnel.test</string>
        <key>ProgramArguments</key>
        <array>
                <string>/Users/dave/Desktop/stunnel-test/stunnel</string>
                <string>/Users/dave/Desktop/stunnel-test/stunnel-receiver.conf</string>
        </array>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <false/>
        </dict>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>SockServiceName</key>
                        <string>874</string>
                        <key>SockType</key>
                        <string>stream</string>
                </dict>
        </dict>
</dict>
</plist>
"""""""""""""""""""



I’ve looked at the output of 
bash-3.2# tcpdump -i all -XX -xx -vv port 874
but this didn’t give me any obvious clues.  
I can send it if it’s useful but I’ve omitted it for now as it’s long.

I’ve reproduced the same hang on Mac OS X 10.11 and 10.6.
I’ve recompiled Stunnel in 10.11 and 10.9 environments but still get this same 
hang.

Any advice appreciated..
— Dave.
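
Added example, not part of the original post: a Python triage script for stunnel `debug = 7` logs like the two above. It folds mail-wrapped lines back together and reports, per side, the last TLS handshake state logged, the warning and error entries, and the longest silent gap. The sample inputs are excerpts of the logs in the post, and the function names `parse` and `triage` are hypothetical.

```python
import re
from datetime import datetime

# stunnel log line: "YYYY.MM.DD HH:MM:SS LOG<level>[<thread>]: <message>"
# Levels follow syslog numbering, so 4 (warning) and below deserve attention.
LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[[^\]]+\]: (.*)$")
STATE = re.compile(r"SSL state \((connect|accept)\): (.+)")

# Constructed samples: excerpts of the two logs in the post, line wraps included.
CLIENT_LOG = """\
2016.09.14 06:54:35 LOG4[ui]: Service [stunnel] needs authentication to prevent
MITM attacks
2016.09.14 06:54:35 LOG5[ui]: s_connect: connected ::1:874
2016.09.14 06:54:35 LOG7[ui]: SSL state (connect): before/connect initialization
2016.09.14 06:54:35 LOG7[ui]: SSL state (connect): SSLv2/v3 write client hello A
"""
SERVER_LOG = """\
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 read client hello A
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 write certificate
request A
2016.09.14 06:54:35 LOG7[ui]: SSL state (accept): SSLv3 flush data
2016.09.14 06:54:40 LOG3[ui]: SSL_accept: Peer suddenly disconnected
"""

def parse(text):
    """Return [time, level, message] entries, folding wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            when = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            entries.append([when, int(m.group(2)), m.group(3).strip()])
        elif entries and raw.strip():
            entries[-1][2] += " " + raw.strip()  # wrapped tail of the previous line
    return entries

def triage(text):
    """Summarise one side: last TLS state, warnings/errors, longest silent gap."""
    entries = parse(text)
    states = [m.group(2) for m in (STATE.search(e[2]) for e in entries) if m]
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(entries, entries[1:])]
    return {
        "last_state": states[-1] if states else None,
        "problems": [(lvl, msg) for _, lvl, msg in entries if lvl <= 4],
        "longest_gap_s": max(gaps, default=0.0),
    }

if __name__ == "__main__":
    for side, log in (("client", CLIENT_LOG), ("server", SERVER_LOG)):
        print(side, triage(log))
```

Feed it only the log text itself; a shell prompt or `^C` line would be folded into the preceding entry.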













