[stunnel-users] Peer suddenly disconnected

John Hartnup1 hartnuj at uk.ibm.com
Mon Sep 26 21:05:36 CEST 2005


stunnel-users-bounces at mirt.net wrote on 26-09-2005 19:17:55:

> Hello,
>
> I'm having problems using stunnel. I would be glad to provide further
> information upon request. The funny thing is that it was working before
> I shipped the client pc to the remote location. Nothing has changed
> since.

The symptoms appear to me to be consistent with a firewall between the
client and the server terminating the connection when it sees traffic that
doesn't fit its view of what the protocol it expects on port 465 to be.

I see this all the time because I work with FTP/TLS, which goes on port 21
like normal FTP, but some common firewall configurations sever the
connection when it switches to SSL and the firewall starts seeing non-ASCII
bytes, or long strings of bytes without CRLFs.

However, port 465 is designated for SMTP over TLS, so this wouldn't seem
likely to be a common firewall configuration. The fact that it worked when
the client was on a different network supports the theory that it's
firewall related.

> Here's what I get in the logs:
>
> CLIENT:
> ssmtp accepted FD=8 from 127.0.0.1:32844
> FD 8 in non-blocking mode
> ssmtp started
> ssmtp connected from 127.0.0.1:32844
> FD 9 in non-blocking mode
> ssmtp connecting 62.21.201.224:465
> remote connect #1: EINPROGRESS: retrying
> waitforsocket: FD=9, DIR=write
> waitforsocket: ok
> Remote FD=9 initialized
> SSL state (connect): before/connect initialization
> SSL state (connect): SSLv3 write client hello A
> waitforsocket: FD=9, DIR=read
> waitforsocket: ok
> SSL state (connect): SSLv3 read server hello A
> SSL state (connect): SSLv3 read server certificate A
> SSL state (connect): SSLv3 read server certificate request A
> SSL state (connect): SSLv3 read server done A
> SSL state (connect): SSLv3 write client certificate A
> SSL state (connect): SSLv3 write client key exchange A
> SSL state (connect): SSLv3 write certificate verify A
> SSL state (connect): SSLv3 write change cipher spec A
> SSL state (connect): SSLv3 write finished A
> SSL state (connect): SSLv3 flush data
> waitforsocket: FD=9, DIR=read
> waitforsocket: ok
> SSL_connect: Peer suddenly disconnected
> ssmtp finished (0 left)
>
> SERVER:
> ssmtp accepted FD=8 from 77.34.26.143:32845
> FD 8 in non-blocking mode
> ssmtp started
> ssmtp connected from 77.34.26.143:32845
> SSL state (accept): before/accept initialization
> SSL state (accept): SSLv3 read client hello A
> SSL state (accept): SSLv3 write server hello A
> SSL state (accept): SSLv3 write certificate A
> SSL state (accept): SSLv3 write certificate request A
> SSL state (accept): SSLv3 flush data
> SSL_accept: Peer suddenly disconnected
> ssmtp finished (0 left)
>
> ============================================
>
> CLIENT INFO:
> stunnel 4.05 on i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7e 25
> Oct 2004
>
> Global options
> cert            = /etc/stunnel/stunnel.pem
> ciphers         = ALL:!ADH:+RC4:@STRENGTH
> debug           = 5
> key             = /etc/stunnel/stunnel.pem
> pid             = /var/run/stunnel4/stunnel.pid
> RNDbytes        = 64
> RNDfile         = /dev/urandom
> RNDoverwrite    = yes
> session         = 300 seconds
> verify          = none
>
> Service-level options
> TIMEOUTbusy     = 300 seconds
> TIMEOUTclose    = 60 seconds
> TIMEOUTidle     = 43200 seconds
>
> ------------------
>
> SERVER INFO:
> stunnel 4.09 on x86_64-pc-linux-gnu PTHREAD+POLL+IPv6+LIBWRAP with
> OpenSSL 0.9.7e 25 Oct 2004
>
> Global options
> cert            = /etc/stunnel/stunnel.pem
> ciphers         = ALL:!ADH:+RC4:@STRENGTH
> debug           = 5
> key             = /etc/stunnel/stunnel.pem
> pid             = /var/lib/run/stunnel.pid
> RNDbytes        = 64
> RNDfile         = /dev/urandom
> RNDoverwrite    = yes
> session         = 300 seconds
> verify          = none
>
> Service-level options
> TIMEOUTbusy     = 300 seconds
> TIMEOUTclose    = 60 seconds
> TIMEOUTconnect  = 10 seconds
> TIMEOUTidle     = 43200 seconds
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
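
Added example, not part of the original message or of stunnel: a short script that lines up the handshake lines from the two quoted logs to show which client messages the server never logged reading. It assumes both ends use the same name for a client-to-server message, as they do for "client hello" in these logs.

```python
import re

# Handshake-message and error lines copied from the client and server logs quoted above.
CLIENT_LOG = """\
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server certificate request A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client certificate A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write certificate verify A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL_connect: Peer suddenly disconnected
"""
SERVER_LOG = """\
SSL state (accept): SSLv3 read client hello A
SSL state (accept): SSLv3 write server hello A
SSL state (accept): SSLv3 write certificate A
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL_accept: Peer suddenly disconnected
"""

# Matches e.g. "SSL state (connect): SSLv3 write client hello A"
STATE = re.compile(r"SSL state \((?:connect|accept)\): SSLv3 (read|write) (.+) [A-D]$")

def events(log, direction):
    """Handshake message names this side logged as read or written, in order."""
    found = (STATE.search(line.strip()) for line in log.splitlines())
    return [m.group(2) for m in found if m and m.group(1) == direction]

def lost_client_flights(client_log, server_log):
    """Messages the client wrote that the server never logged reading.
    Assumption: both ends name client-to-server messages identically."""
    seen = set(events(server_log, "read"))
    return [msg for msg in events(client_log, "write") if msg not in seen]

def handshake_error(log):
    """The SSL_connect/SSL_accept failure line, if the handshake did not finish."""
    m = re.search(r"^(SSL_(?:connect|accept)): (.+)$", log, re.M)
    return m.groups() if m else None

if __name__ == "__main__":
    print("never reached server:", lost_client_flights(CLIENT_LOG, SERVER_LOG))
```

The first entry marks where the client's traffic stopped arriving: the client hello was read by the server, but nothing the client wrote after it was, while everything the server sent was read by the client.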



