We now use stunnel as a solution for a pop3 import for Office365. It just stopped working since Wednesday. we have done a new installation on this, only now we run into these problems that it no longer wants to connect.
Below you will find our debug list and config list. Do any of you have a solution to this problem? Debug: 2022.07.26 14:34:37 LOG6[service]: Service [POP3 Incoming] (FD=876) bound to 0.0.0.0:110 2022.07.26 14:34:37 LOG6[service]: Service [SMTP Outgoing] (FD=840) bound to 0.0.0.0:25 2022.07.26 14:34:54 LOG5[21]: Service [POP3 Incoming] accepted connection from 192.168.110.11:60494 2022.07.26 14:34:54 LOG6[21]: Peer certificate not required 2022.07.26 14:35:24 LOG3[21]: SSL_accept: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading 2022.07.26 14:35:24 LOG5[21]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2022.07.26 14:35:24 LOG4[21]: Possible memory leak at crypto/asn1/asn1_lib.c:308: 87315 allocations 2022.07.26 14:35:24 LOG4[21]: Possible memory leak at crypto/asn1/tasn_new.c:136: 77533 allocations 2022.07.26 14:35:24 LOG4[21]: Possible memory leak at crypto/asn1/asn1_lib.c:350: 70711 allocations 2022.07.26 14:37:21 LOG6[service]: Initializing inetd mode configuration 2022.07.26 14:37:21 LOG5[service]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf 2022.07.26 14:37:21 LOG5[service]: UTF-8 byte order mark detected 2022.07.26 14:37:21 LOG5[service]: FIPS mode disabled 2022.07.26 14:37:21 LOG6[service]: Compression enabled: 0 methods 2022.07.26 14:37:21 LOG6[service]: Initializing service [POP3 Incoming] 2022.07.26 14:37:21 LOG6[service]: User-specified security level set: 0 2022.07.26 14:37:21 LOG6[service]: Session resumption enabled 2022.07.26 14:37:21 LOG6[service]: Loading certificate from file: stunnel.pem 2022.07.26 14:37:21 LOG6[service]: Certificate loaded from file: stunnel.pem 2022.07.26 14:37:21 LOG6[service]: Loading private key from file: stunnel.pem 2022.07.26 14:37:21 LOG6[service]: Private key loaded from file: stunnel.pem 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G3 2022.07.26 14:37:21 LOG6[service]: Client CA: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 2022.07.26 14:37:21 LOG6[service]: Client CA: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FI, O=Sonera, CN=Sonera Class2 CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TW, O=Government Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certplus, CN=Class 2 Primary CA 2022.07.26 14:37:21 LOG6[service]: Client CA: O=Digital Signature Trust Co., CN=DST Root CA X3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=SecureTrust Corporation, CN=SecureTrust CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=SecureTrust Corporation, CN=Secure Global CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication EV RootCA1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Dhimyotis, CN=Certigna 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 2022.07.26 14:37:21 LOG6[service]: Client CA: O="Cybertrust, Inc", CN=Cybertrust Global Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=RO, O=certSIGN, OU=certSIGN ROOT CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="thawte, Inc.", OU="(c) 2007 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2008 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2008 VeriSign, Inc. - For authorized use only", CN=VeriSign Universal Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2007 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G4 2022.07.26 14:37:21 LOG6[service]: Client CA: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign RootCA11 2022.07.26 14:37:21 LOG6[service]: Client CA: CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES 2022.07.26 14:37:21 LOG6[service]: Client CA: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, [email protected] 2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 2022.07.26 14:37:21 LOG6[service]: Client CA: C=ES, O=IZENPE S.A., CN=Izenpe.com 2022.07.26 14:37:21 LOG6[service]: Client CA: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008 2022.07.26 14:37:21 LOG6[service]: Client CA: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust Commercial 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust Networking 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust Premium 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC 2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 2022.07.26 14:37:21 LOG6[service]: Client CA: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, [email protected] 2022.07.26 14:37:21 LOG6[service]: Client CA: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 2022.07.26 14:37:21 LOG6[service]: Client CA: [email protected], L=Chacao, ST=Miranda, OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion Electronica, C=VE, CN=PSCProcert 2022.07.26 14:37:21 LOG6[service]: Client CA: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 2022.07.26 14:37:21 LOG6[service]: Client CA: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: O=TeliaSonera, CN=TeliaSonera Root CA v1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 2022.07.26 14:37:21 LOG6[service]: Client CA: CN=Atos TrustedRoot 2011, O=Atos, C=DE 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, O=WoSign CA Limited, CN=CA 沃通根证书 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - EC1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, O=WoSign CA Limited, CN=CA WoSign ECC Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certplus, CN=Certplus Root CA G1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certplus, CN=Certplus Root CA G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=OpenTrust, CN=OpenTrust Root CA G1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=OpenTrust, CN=OpenTrust Root CA G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=OpenTrust, CN=OpenTrust Root CA G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Internet Security Research Group, CN=ISRG Root X1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 4 2022.07.26 14:37:21 LOG6[service]: Client CA: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 2022.07.26 14:37:21 LOG6[service]: DH initialization needed for DHE-DSS-AES256-GCM-SHA384 2022.07.26 14:37:21 LOG6[service]: Using dynamic DH parameters 2022.07.26 14:37:21 LOG5[service]: Configuration successful 2022.07.26 14:37:21 LOG7[service]: Deallocating deployed section defaults 2022.07.26 14:37:21 LOG7[service]: Deallocating section [POP3 Incoming] 2022.07.26 14:37:21 LOG7[service]: Deallocating section [SMTP Outgoing] 2022.07.26 14:37:21 LOG7[service]: Binding service [POP3 Incoming] 2022.07.26 14:37:21 LOG7[service]: Listening file descriptor created (FD=840) 2022.07.26 14:37:21 LOG7[service]: Setting accept socket options (FD=840) 2022.07.26 14:37:21 LOG7[service]: Option SO_EXCLUSIVEADDRUSE set on accept socket 2022.07.26 14:37:21 LOG6[service]: Service [POP3 Incoming] (FD=840) bound to 0.0.0.0:110 2022.07.26 14:37:29 LOG7[service]: Found 1 ready file descriptor(s) 2022.07.26 14:37:29 LOG7[service]: FD=664 ifds=r-x ofds=--- 2022.07.26 14:37:29 LOG7[service]: FD=840 ifds=r-x ofds=r-- 2022.07.26 14:37:29 LOG7[service]: Service [POP3 Incoming] accepted (FD=740) from 192.168.110.11:60596 2022.07.26 14:37:29 LOG7[service]: Creating a new thread 2022.07.26 14:37:29 LOG7[service]: New thread created 2022.07.26 14:37:29 LOG7[22]: Service [POP3 Incoming] started 2022.07.26 14:37:29 LOG7[22]: Setting local socket options (FD=740) 2022.07.26 14:37:29 LOG7[22]: Option TCP_NODELAY set on local socket 2022.07.26 14:37:29 LOG5[22]: Service [POP3 Incoming] accepted connection from 192.168.110.11:60596 2022.07.26 14:37:29 LOG6[22]: Peer certificate not required 2022.07.26 14:37:29 LOG7[22]: TLS state (accept): before SSL initialization 2022.07.26 14:37:59 LOG7[22]: TLS alert (write): fatal: decode error 2022.07.26 14:37:59 LOG3[22]: SSL_accept: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading 2022.07.26 14:37:59 LOG5[22]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2022.07.26 14:37:59 LOG7[22]: Local descriptor (FD=740) closed 2022.07.26 14:37:59 LOG7[22]: Service [POP3 Incoming] finished (0 left) Config: ; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2022 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options ; ************************************************************************** ; * Global options * ; ************************************************************************** ; Debugging stuff (may be useful for troubleshooting) debug = 7 output = stunnel.log log = overwrite ; Enable FIPS 140-2 mode if needed for compliance ;fips = yes ; Microsoft CryptoAPI engine allows for authentication with private keys ; stored in the Windows certificate store ; Each section using this feature also needs the "engineId = capi" option ;engine = capi ; You also need to disable TLS 1.2 or later, because the CryptoAPI engine ; currently does not support PSS ;sslVersionMax = TLSv1.1 ; TLSv1.1 requires security level 0 when compiled OpenSSL 3.0 and later securityLevel = 0 ; The pkcs11 engine allows for authentication with cryptographic ; keys isolated in a hardware or software token ; MODULE_PATH specifies the path to the pkcs11 module shared library, ; such as softhsm2-x64.dll or opensc-pkcs11.dll ; IMPORTANT: A 64-bit stunnel requires 64-bit PKCS#11 modules ; Each section using this feature also needs the "engineId = pkcs11" option ;engine = pkcs11 ;engineCtrl = MODULE_PATH:softhsm2-x64.dll ;engineCtrl = PIN:1234 ; ************************************************************************** ; * Service defaults may also be specified in individual service sections * ; ************************************************************************** ; Enable support for the insecure SSLv3 protocol ;sslVersion = all sslVersionMax=TLSv1.3 sslVersionMin=TLSv1.2 sslVersion = TLSv1.2 sslVersion = TLSv1.3 ;options = NO_SSLv2 ;options = NO_SSLv3 ;options = NO_SSLv2 ;options = NO_SSLv3 ;options = NO_TLSv1 ciphers = ALL ;ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256 options = CIPHER_SERVER_PREFERENCE cert = stunnel.pem CAfile = ca-certs.pem OCSPaia = no verify = 0 ; These options provide additional security at some performance degradation ;options = SINGLE_ECDH_USE ;options = SINGLE_DH_USE ; ************************************************************************** ; * Include all configuration file fragments from the specified folder * ; ************************************************************************** ;include = conf.d ; ************************************************************************** ; * Service definitions (at least one service has to be defined) * ; ************************************************************************** ; ***************************************** Example TLS client mode services ;[POP3 Incoming] ;client = yes ;accept = 110 ;connect = outlook.office365.com:995 ;verifyChain = yes ;CAfile = ca-certs.pem ;checkHost = outlook.office365.com ;OCSPaia = yes [POP3 Incoming] accept = 110 connect = outlook.office365.com:995 ;[SMTP Outgoing] ;accept = 25 ;connect = smtp.office365.com:587 ;[SMTP Outgoing] ;client = yes ;accept = 25 ;protocol = smtp ;connect = smtp.office365.com:587 ;verifyChain = yes ;CAfile = ca-certs.pem ;checkHost = smtp.office365.com ;OCSPaia = yes ; Encrypted HTTP proxy authenticated with a client certificate ; located in the Windows certificate store ;[example-proxy] ;client = yes ;accept = 127.0.0.1:8080 ;connect = example.com:8443 ;engineId = capi ; Encrypted HTTP proxy authenticated with a client certificate ; located in a cryptographic token ;[example-pkcs11] ;client = yes ;accept = 127.0.0.1:8080 ;connect = example.com:8443 ;engineId = pkcs11 ;cert = pkcs11:token=MyToken;object=MyCert ;key = pkcs11:token=MyToken;object=MyKey ; ***************************************** Example TLS server mode services ;[pop3s] ;accept = 995 ;connect = 110 ;cert = stunnel.pem ;[imaps] ;accept = 993 ;connect = 143 ;cert = stunnel.pem ; Either only expose this service to trusted networks, or require ; authentication when relaying emails originated from loopback. ; Otherwise the following configuration creates an open relay. ;[ssmtp] ;accept = 465 ;connect = 25 ;cert = stunnel.pem ; TLS front-end to a web server ;[https] ;accept = 443 ;connect = 80 ;cert = stunnel.pem ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel ; Microsoft implementations do not use TLS close-notify alert and thus they ; are vulnerable to truncation attacks ;TIMEOUTclose = 0 ; Remote cmd.exe protected with PSK-authenticated TLS ; Create "secrets.txt" containing IDENTITY:KEY pairs ;[cmd] ;accept = 1337 ;exec = c:\windows\system32\cmd.exe ;execArgs = cmd.exe ;PSKsecrets = secrets.txt ; vim:ft=dosini _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
