Hi, After overcoming some initial more obvious problems I have still been unable to get this client's stunnel configured correctly.
"No certificate or private key specified" - is this significant? Stunnel.conf looks like the below: debug = 2 output = stunnel.log CAfile=.\ca-verisign.crt client=yes verify=0 sslVersion = TLSv1.2 options = NO_SSLv2 options = NO_SSLv3 [TRD] accept=16002 connect= our.ip.com:443 [INV] accept=16003 connect= our.ip.com:443 Stunnel output log below 2017.10.12 10:53:22 LOG7[main]: Found 1 ready file descriptor(s) 2017.10.12 10:53:22 LOG7[main]: FD=276 ifds=r-x ofds=--- 2017.10.12 10:53:22 LOG7[main]: FD=284 ifds=r-x ofds=--- 2017.10.12 10:53:22 LOG7[main]: Dispatching signals from the signal pipe 2017.10.12 10:53:22 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG 2017.10.12 10:53:22 LOG7[main]: Running on Windows 6.1 2017.10.12 10:53:22 LOG5[main]: Reading configuration from file stunnel.conf 2017.10.12 10:53:22 LOG5[main]: UTF-8 byte order mark detected 2017.10.12 10:53:22 LOG5[main]: FIPS mode disabled 2017.10.12 10:53:22 LOG7[main]: Compression disabled 2017.10.12 10:53:22 LOG7[main]: Snagged 64 random bytes from C:/.rnd 2017.10.12 10:53:22 LOG7[main]: Wrote 1024 new random bytes to C:/.rnd 2017.10.12 10:53:22 LOG7[main]: PRNG seeded successfully 2017.10.12 10:53:22 LOG6[main]: Initializing service [TRD] 2017.10.12 10:53:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2 2017.10.12 10:53:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000) 2017.10.12 10:53:22 LOG7[main]: No certificate or private key specified 2017.10.12 10:53:22 LOG4[main]: Service [TRD] needs authentication to prevent MITM attacks 2017.10.12 10:53:22 LOG6[main]: Initializing service [INV] 2017.10.12 10:53:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2 2017.10.12 10:53:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000) 2017.10.12 10:53:22 LOG7[main]: No certificate or private key specified 2017.10.12 10:53:22 LOG4[main]: Service [INV] needs authentication to prevent MITM attacks 2017.10.12 10:53:22 LOG5[main]: Configuration successful 2017.10.12 10:53:22 LOG7[main]: Closing service [TRD] 2017.10.12 10:53:22 LOG7[main]: Service [TRD] closed (FD=284) 2017.10.12 10:53:22 LOG7[main]: Service [TRD] closed 2017.10.12 10:53:22 LOG7[main]: Closing service [INV] 2017.10.12 10:53:22 LOG7[main]: Service [INV] closed (FD=276) 2017.10.12 10:53:22 LOG7[main]: Service [INV] closed We tried giving the certification a hard location but still it seems unable to find it. Is there anything in the cfg you can see missing? Bearing in mind this is standard cfg for our clients connecting in. Kind regards, Hugo Darley The information contained in and accompanying this communication is strictly confidential and intended solely for the use of the intended recipient(s). If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its content to anyone. MarketAxess reserves the right to monitor the content of emails sent to or from its systems. Any comments or statements made are not necessarily those of MarketAxess. For more information, please visit www.marketaxess.com. MarketAxess Europe Limited is authorised and regulated by the UK Financial Conduct Authority, registered in England no. 4017610, registered office at 5 Aldermanbury Square, London EC2V 7HR. Telephone (020) 7709 3100. MarketAxess Corporation is regulated in the USA by the SEC and FINRA, incorporated in Delaware, executive offices at 299 Park Avenue, New York, NY 10171. Telephone (1) 212 813 6000.
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
