Can you please elaborate? If you want us to help, you need to provide enough information.
Regards Jose > El 24/11/2016, a las 5:03 a.m., <[email protected]> > <[email protected]> escribió: > > Jose, > J you are right.i was trying but I thought it will work as a client and it > worked as a workaround. But will check for the dh key small error while > forwarding the traffic with SSL from intermediate port to another port. > > Thanks and Regards, > Jothish > TIBCO TSD > Ph. : +91 44 39263958 > Mobile : +91 9884040171 > Support : +91 9962007110 > OC : jothish.chokkalingam > Group mail:- [email protected] > > From: Josealf.rm [mailto:[email protected]] > Sent: Thursday, November 24, 2016 2:48 PM > To: Chokkalingam, Jothish <[email protected]> > Cc: [email protected]; [email protected] > Subject: Re: [stunnel-users] Help in setting stunnel in server mode to over > come TLSV2 compatibility > > Jothish, > > Stunnel in server mode is what you need, with 99.9% confidence. > > When you write: > > [https] > Accept=443 > Connect=local host:80 > Client=no > > Stunnnel will expect TLS connections on port 443 and will forward then to > your normal web server running on loopback port 80. > > Is that clear? > > Regards, > Jose > > El 24/11/2016, a las 2:29 a.m., <[email protected]> > <[email protected]> escribió: > > > Is there a way to forward a Secure connection from one port to non secure > port using stunnel. I am googling but unable to find. If you have can you let > me know > > Thanks and Regards, > Jothish > TIBCO TSD > Ph. : +91 44 39263958 > Mobile : +91 9884040171 > Support : +91 9962007110 > OC : jothish.chokkalingam > Group mail:- [email protected] > > From: stunnel-users [mailto:[email protected]] On Behalf Of > Carter Browne > Sent: Wednesday, November 23, 2016 9:30 PM > To: [email protected] > Subject: Re: [stunnel-users] Help in setting stunnel in server mode to over > come TLSV2 compatibility > > There are other tools for performing port forwarding with less overhead (I > believe tappipe is one), although I make use stunnel to do this extensively. > > In order forward a secure connection from one port to another is a two step > process with stunnel: > > A sample configuration segment would be: > > [SFDC reverse in] > > client = no > > accept = 8008 > > connect = localhost:48008 > > > [SFDC reverse out] > client = yes > accept = localhost:48008 > connect = localhost:8009 > > On 11/23/2016 10:18 AM, Rodney Lott wrote: > Hi, there. > > I'm no stunnel expert, but here's my $0.05 (we have no pennies in Canada > anymore ;-) ): > - I would try including the key as well as the cert in your stunnel config > - I would enable debug on the openssl s_client call to see if it will > indicate why it is reseting. Same with your SFDC client to get more info. > - Question: is the "WARNING: can't open config file" message below indicative > of a permissions or path problem? > - Question: Is the stunnel cert and key compatible with the TIBCO server's > certificate? They need to be using certs generated from the same key source, > don't they? > - You might want to fix the SSL version in the stunnel config file (i.e. > sslVersion = TLSv1.2) > > Good luck with your debugging. > > Rodney > > On 2016-11-22 07:43 PM, [email protected] wrote: > HI all, > > There is a problem we have currently connecting tibco client to SFDC sever > via TLS v1.2 and that’s solved by using stunnel in client mode. And the > communication from SFDC client to tibco server applications w.r.t TLS V1.2 I > am unable to solve using stunnel. Below is the configuration in stunnel in > server end to divert the traffic from 8008 to 8009, can you help here with > the logs is the stunnel configuration is correct or there any missed/need to > alter. > > [SFDC reverse proxy test] > debug=7 > ;client = yes > accept = 8008àport used by sfdc client to connect to TIBCO server > connect = localhost:8009 àTibco server that’s running > cert = stunnel.pem > 2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] started > 2016.11.23 08:31:56 LOG7[118]: Option TCP_NODELAY set on local socket > 2016.11.23 08:31:56 LOG5[118]: Service [SFDC reverse proxy test] accepted > connection from 101.167.198.14:54477 > 2016.11.23 08:31:56 LOG6[118]: Peer certificate not required > 2016.11.23 08:31:56 LOG7[118]: SSL state (accept): before/accept > initialization > 2016.11.23 08:31:56 LOG3[118]: SSL_accept: Peer suddenly disconnected > 2016.11.23 08:31:56 LOG5[118]: Connection reset: 0 byte(s) sent to SSL, 0 > byte(s) sent to socket > 2016.11.23 08:31:56 LOG7[118]: Local descriptor (FD=696) closed > 2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] finished (0 > left) > > PFB the openssl snap shot looks odd > C:\Program Files (x86)\stunnel\bin>openssl s_client -connect localhost:8008 > -prexit -showcerts > WARNING: can't open config file: /devel/win32/openssl/openssl.cnf > CONNECTED(0000016C) > > Thanks and Regards, > Jothish > TIBCO TSD > Ph. : +91 44 39263958 > Mobile : +91 9884040171 > Support : +91 9962007110 > OC : jothish.chokkalingam > Group mail:- [email protected] > > > > This message is for the designated recipient only and may contain privileged, > proprietary, or otherwise confidential information. If you have received it > in error, please notify the sender immediately and delete the original. Any > other use of the e-mail by you is prohibited. Where allowed by local law, > electronic communications with Accenture and its affiliates, including e-mail > and instant messaging (including content), may be scanned by our systems for > the purposes of information security and assessment of internal compliance > with Accenture policy. > ______________________________________________________________________________________ > > www.accenture.com > > > > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > > > > > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
