[stunnel-users] Problems using STunnel with a non-default port - Please Help

Chetan Rao game_programer at hotmail.com
Thu Mar 17 00:26:00 CET 2005


I have a personal webserver running on Win2K Pro SP4 that listens on port
17875. This server is accessible through my NAT and software firewall
(ZoneAlarm Pro). I then installed STunnel with the following conf:

[https]
accept=4430
connect=17875
TIMEOUTclose=0

Now, when I access https://<server>:4430, I get an HTTP 400 (Bad Request)
error message, with both Internet Explorer 6 and Firefox 1.01. However, if I
change the accept port from 4430 to 443 (and make the appropriate changes on
the NAT for port forwarding), and use https://<server>, it works. I don't
want to use the standard port. What am I doing wrong?

Here's the log that STunnel generated:

2005.03.16 08:33:26 LOG5[1044:288]: stunnel 4.08 on x86-pc-mingw32-gnu
WIN32+IPv4 with OpenSSL 0.9.7e 25 Oct 2004
2005.03.16 08:33:26 LOG7[1044:1096]: RAND_status claims sufficient entropy
for the PRNG
2005.03.16 08:33:26 LOG6[1044:1096]: PRNG seeded successfully
2005.03.16 08:33:26 LOG7[1044:1096]: Certificate: stunnel.pem
2005.03.16 08:33:26 LOG7[1044:1096]: Key file: stunnel.pem
2005.03.16 08:33:26 LOG5[1044:1096]: No limit detected for the number of
clients
2005.03.16 08:33:26 LOG7[1044:1096]: FD 168 in non-blocking mode
2005.03.16 08:33:26 LOG7[1044:1096]: SO_REUSEADDR option set on accept
socket
2005.03.16 08:33:26 LOG7[1044:1096]: https bound to 0.0.0.0:4430
2005.03.16 08:34:08 LOG7[1044:1096]: https accepted FD=180 from
192.168.0.2:4864
2005.03.16 08:34:08 LOG7[1044:1096]: FD 180 in non-blocking mode
2005.03.16 08:34:08 LOG7[1044:1096]: Creating a new thread
2005.03.16 08:34:08 LOG7[1044:1096]: New thread created
2005.03.16 08:34:08 LOG7[1044:896]: https started
2005.03.16 08:34:08 LOG5[1044:896]: https connected from 192.168.0.2:4864
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): before/accept
initialization
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read client
hello A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write server
hello A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write
certificate A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write server
done A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 flush data
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read client
key exchange A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read finished
A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write change
cipher spec A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write finished
A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 flush data
2005.03.16 08:34:08 LOG7[1044:896]:    1 items in the session cache
2005.03.16 08:34:08 LOG7[1044:896]:    0 client connects (SSL_connect())
2005.03.16 08:34:08 LOG7[1044:896]:    0 client connects that finished
2005.03.16 08:34:08 LOG7[1044:896]:    0 client renegotiatations requested
2005.03.16 08:34:08 LOG7[1044:896]:    1 server connects (SSL_accept())
2005.03.16 08:34:08 LOG7[1044:896]:    1 server connects that finished
2005.03.16 08:34:08 LOG7[1044:896]:    0 server renegotiatiations requested
2005.03.16 08:34:08 LOG7[1044:896]:    0 session cache hits
2005.03.16 08:34:08 LOG7[1044:896]:    1 session cache misses
2005.03.16 08:34:08 LOG7[1044:896]:    0 session cache timeouts
2005.03.16 08:34:08 LOG6[1044:896]: SSL accepted: new session negotiated
2005.03.16 08:34:08 LOG6[1044:896]: Negotiated ciphers: RC4-MD5
SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
2005.03.16 08:34:08 LOG7[1044:896]: FD 200 in non-blocking mode
2005.03.16 08:34:08 LOG7[1044:896]: https connecting 127.0.0.1:17875
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: waiting 10 seconds
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: connected
2005.03.16 08:34:08 LOG7[1044:896]: Remote FD=200 initialized
2005.03.16 08:34:08 LOG7[1044:896]: Socket closed on read
2005.03.16 08:34:08 LOG7[1044:896]: SSL write shutdown
2005.03.16 08:34:08 LOG7[1044:896]: SSL alert (write): warning: close notify
2005.03.16 08:34:08 LOG7[1044:896]: SSL_shutdown retrying
2005.03.16 08:34:08 LOG7[1044:896]: s_poll_wait timeout waiting for SSL
close_notify
2005.03.16 08:34:08 LOG5[1044:896]: Connection closed: 208 bytes sent to
SSL, 389 bytes sent to socket
2005.03.16 08:34:08 LOG7[1044:896]: https finished (0 left)

Any help much appreciated.

Thanks.
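
An added example, not part of the original post: a small Python script that rejoins the mail-wrapped log lines shown above and summarizes each connection thread (client, negotiated cipher and protocol, backend target, byte counts), which makes it easy to see how far a connection got. The sample input is constructed from lines in the log above, and the function and key names are illustrative.

```python
import re

# Constructed sample: lines copied from the log format above, including the
# hard-wrapped continuation lines introduced by the mail client.
SAMPLE = """\
2005.03.16 08:34:08 LOG5[1044:896]: https connected from 192.168.0.2:4864
2005.03.16 08:34:08 LOG6[1044:896]: SSL accepted: new session negotiated
2005.03.16 08:34:08 LOG6[1044:896]: Negotiated ciphers: RC4-MD5
SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
2005.03.16 08:34:08 LOG7[1044:896]: https connecting 127.0.0.1:17875
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: connected
2005.03.16 08:34:08 LOG5[1044:896]: Connection closed: 208 bytes sent to
SSL, 389 bytes sent to socket
"""

# Record prefix: timestamp, LOG level, [pid:thread id], then the message.
LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)$")

# Messages that mark a stage of one proxied connection.
PATTERNS = [
    ("client", re.compile(r"^\S+ connected from (\S+)$")),
    ("tls", re.compile(r"^Negotiated ciphers: (\S+)\s+(\S+)")),
    ("backend", re.compile(r"^\S+ connecting (\S+)$")),
    ("backend_ok", re.compile(r"^connect_wait: (connected)$")),
    ("bytes", re.compile(r"^Connection closed: (\d+) bytes sent to SSL, "
                         r"(\d+) bytes sent to socket$")),
]

def unwrap(text):
    """Join continuation lines (no timestamp prefix) onto the previous record."""
    records = []
    for raw in text.splitlines():
        raw = raw.rstrip()
        if LINE.match(raw):
            records.append(raw)
        elif records and raw.strip():
            records[-1] += " " + raw.strip()
    return records

def summarize(text):
    """Return {thread_id: {stage: value}} for every thread that handled a connection."""
    conns = {}
    for rec in unwrap(text):
        tid, msg = LINE.match(rec).group(4, 5)
        for key, pat in PATTERNS:
            m = pat.match(msg)
            if m:
                g = m.groups()
                conns.setdefault(tid, {})[key] = g[0] if len(g) == 1 else g
    return conns
```
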


