I have an application that sends XML encrypted traffic over TCP to Stunnel.
Stunnel is supposed to decrypt it and send it to the backend application
unencrypted; however, no traffic is sent. I have used Wireshark and I do see
the client hello for TLS 1.2 and the server hello for TLS 1.2, so the cipher
negotiation is completed.

Here is my config:
sslVersionMax = TLSv1.2
options = -NO_SSLv3

[https]
accept  = 27015
connect = 27001
cert = cert.pem
key = key.pem
TIMEOUTclose = 0

Stunnel log in debug 7:
2023.01.13 14:03:42 LOG7[16572]: Service [https] started
2023.01.13 14:03:42 LOG7[16572]: Setting local socket options (FD=1888)
2023.01.13 14:03:42 LOG7[16572]: Option TCP_NODELAY set on local socket
2023.01.13 14:03:42 LOG5[16572]: Service [https] accepted connection from xx.xx.xx.xx:62478
2023.01.13 14:03:42 LOG6[16572]: Peer certificate not required
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): before SSL initialization
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): before SSL initialization
2023.01.13 14:03:42 LOG7[16572]: Decrypt session ticket callback
2023.01.13 14:03:42 LOG7[16572]: Initializing application specific data for session authenticated
2023.01.13 14:03:42 LOG7[16572]: SNI: no virtual services defined
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read client hello
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write server hello
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write certificate
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write key exchange
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write server done
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write server done
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read client key exchange
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read change cipher spec
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read finished
2023.01.13 14:03:42 LOG7[16572]: Generate session ticket callback
2023.01.13 14:03:42 LOG7[16572]: Initializing application specific data for session authenticated
2023.01.13 14:03:42 LOG7[16572]: Deallocating application specific data for session connect address
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write session ticket
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write change cipher spec
2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write finished
2023.01.13 14:03:42 LOG7[16572]:     33 server accept(s) requested
2023.01.13 14:03:42 LOG7[16572]:     33 server accept(s) succeeded
2023.01.13 14:03:42 LOG7[16572]:      0 server renegotiation(s) requested
2023.01.13 14:03:42 LOG7[16572]:      0 session reuse(s)
2023.01.13 14:03:42 LOG7[16572]:      1 internal session cache item(s)
2023.01.13 14:03:42 LOG7[16572]:      0 internal session cache fill-up(s)
2023.01.13 14:03:42 LOG7[16572]:      0 internal session cache miss(es)
2023.01.13 14:03:42 LOG7[16572]:      0 external session cache hit(s)
2023.01.13 14:03:42 LOG7[16572]:      0 expired session(s) retrieved
2023.01.13 14:03:42 LOG6[16572]: TLS accepted: new session negotiated
2023.01.13 14:03:42 LOG6[16572]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2023.01.13 14:03:42 LOG3[16572]: SSL_get_peer_tmp_key: Peer suddenly disconnected
2023.01.13 14:03:42 LOG7[16572]: Compression: null, expansion: null
2023.01.13 14:03:42 LOG7[16572]: Deallocating application specific data for session connect address
2023.01.13 14:03:42 LOG6[16572]: s_connect: connecting 127.0.0.1:27001
2023.01.13 14:03:42 LOG7[16572]: s_connect: s_poll_wait 127.0.0.1:27001: waiting 10 seconds
2023.01.13 14:03:42 LOG7[16572]: FD=1472 ifds=rwx ofds=---
2023.01.13 14:03:42 LOG5[16572]: s_connect: connected 127.0.0.1:27001
2023.01.13 14:03:42 LOG6[16572]: persistence: 127.0.0.1:27001 cached
2023.01.13 14:03:42 LOG5[16572]: Service [https] connected remote server from 127.0.0.1:56732
2023.01.13 14:03:42 LOG7[16572]: Setting remote socket options (FD=1472)
2023.01.13 14:03:42 LOG7[16572]: Option TCP_NODELAY set on remote socket
2023.01.13 14:03:42 LOG7[16572]: Remote descriptor (FD=1472) initialized
2023.01.13 14:03:42 LOG6[16572]: SSL_read: Socket is closed
2023.01.13 14:03:42 LOG6[16572]: TLS socket closed (SSL_read)
2023.01.13 14:03:42 LOG7[16572]: Sent socket write shutdown
2023.01.13 14:03:42 LOG5[16572]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2023.01.13 14:03:42 LOG7[16572]: Remote descriptor (FD=1472) closed
2023.01.13 14:03:42 LOG7[16572]: Local descriptor (FD=1888) closed
2023.01.13 14:03:42 LOG7[16572]: Service [https] finished (1 left)

Any assistance you can provide would be glorious!
_________________________________
Gary Jackson
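
One way to triage a debug log like the one in the post, as an added example that is not part of the original message or of stunnel itself: it groups records by the bracketed id, rejoins hard-wrapped lines, and flags connections where the TLS handshake and the backend connect both succeeded but the close was seen on the TLS side with zero bytes relayed. The function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample: key lines from the log in the post; two are hard-wrapped as mail clients do.
SAMPLE = """\
2023.01.13 14:03:42 LOG6[16572]: TLS accepted: new session negotiated
2023.01.13 14:03:42 LOG6[16572]: TLSv1.2 ciphersuite:
ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2023.01.13 14:03:42 LOG3[16572]: SSL_get_peer_tmp_key: Peer suddenly disconnected
2023.01.13 14:03:42 LOG5[16572]: s_connect: connected 127.0.0.1:27001
2023.01.13 14:03:42 LOG6[16572]: SSL_read: Socket is closed
2023.01.13 14:03:42 LOG5[16572]: Connection closed: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
"""

PREFIX = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")

def records(text):
    """Return [id, message] pairs, rejoining continuation lines onto the previous record."""
    out = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            out.append([m.group(1), m.group(2).strip()])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def summarize(text):
    """Per bracketed id: handshake result, cipher, backend connect, TLS-side close, byte counts."""
    conns = {}
    for cid, msg in records(text):
        c = conns.setdefault(cid, {"handshake": False, "cipher": None, "backend": False,
                                   "tls_side_closed": False, "to_tls": None, "to_socket": None})
        if msg.startswith("TLS accepted"):
            c["handshake"] = True
        elif "ciphersuite:" in msg:
            c["cipher"] = msg.split("ciphersuite:", 1)[1].split()[0]
        elif msg.startswith("s_connect: connected"):
            c["backend"] = True
        elif "Peer suddenly disconnected" in msg or msg.startswith("SSL_read: Socket is closed"):
            c["tls_side_closed"] = True
        elif (m := CLOSED.search(msg)):
            c["to_tls"], c["to_socket"] = int(m.group(1)), int(m.group(2))
    return conns

def idle_after_handshake(c):
    """True when TLS and backend connect succeeded, the TLS side closed, and no payload moved."""
    return (c["handshake"] and c["backend"] and c["tls_side_closed"]
            and c["to_tls"] == 0 and c["to_socket"] == 0)
```

Calling `summarize()` on the full log text and passing each entry to `idle_after_handshake()` separates connections that never carried application data from ones that relayed traffic.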

_______________________________________________
stunnel-users mailing list -- [email protected]