Hello,

> On 19 Sep 2016, at 02:27, Małgorzata Olszówka <go...@olszowka.net> wrote:
> 
> Hi!
>> What about the execArgs do you think is wrong?  If it’s the trailing dot
>> then it’s something to do with rsync (detailed here
>> <https://lists.samba.org/archive/rsync-cvs/2013-July/007296.html>).
>> As far as I can tell, Stunnel doesn’t even get as far as invoking the
>> executable because it never manages to finish connecting.
> execArgs = $0 $1 $2 ...
> arguments for exec including the program name ($0), it means $0 = rsync
> In your config file:
> execArgs = -vvvv --daemon --server 
> --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .
Good point but no luck; it still fails the same way.
I think Stunnel doesn’t even get as far as executing the executable because it 
fails to connect.
E.g., it still hangs the same way even if I use something absurd such as   exec 
= FOO/FOO/FOO
I just don’t think it gets that far.

>> The server *is* on localhost.  So is the client.  The logs show the
>> server is on port 874 and the client connected from port 51362 on this
>> occasion.
> I don’t understand what you want to achieve. Do you have the stunnel client 
> and the stunnel server on the same computer and try to establish an encrypted 
> connection between them on the localhost? For what purpose?
Testing.

>> Further information: I’ve also tried Stunnel 4.57 and this fails in
>> exactly the same way.
>> It also bothers me that the last log line mentions SSLv3 (server) and
>> SSLv2/v3 (client)… but the manual says "Obsolete SSLv2 and SSLv3 are
>> currently disabled by default”.  So why would they appear in the log?
>> I’ve even explicitly disabled them with addition of "options =
>> NO_SSLv2" and  "options = NO_SSLv3” lines in the confs, but this makes
>> no difference.
> 
> SSL state (accept): SSLv3 messages are from OpenSSL. They are vestiges of the 
> past.
> 
> With the latest OpenSSL 1.1.0.:
> 
> 2016.09.19 04:56:54 LOG5[ui]: stunnel 5.36 on x86_64-unknown-linux-gnu 
> platform
> 2016.09.19 04:56:54 LOG5[ui]: Compiled/running with OpenSSL 1.1.0  25 Aug 2016
> …
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS read client hello
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write server hello
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write certificate
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write key exchange
> …

Do you mean that the ‘SSLv3’ bit is misleading and I can just ignore it?

Thanks, Dave.










_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Reply via email to