[stunnel-users] HTTPS connections aborted

Matthias Kellermann mkellermann at net-com.de
Mon May 5 10:49:49 CEST 2008


Hi list,

I've set up a loadbalancer with haproxy and I'm using stunnel to have 
HTTPS on the loadbalancer. Every connection on port 443 is forwarded by 
stunnel to port 80 where haproxy listens.

Some facts:
FreeBSD 6.2 i386
stunnel 4.22
OpenSSL 0.9.7e-p1
gcc version 3.4.6 [FreeBSD] 20060305

Here is my stunnel.conf:
sslVersion = all

chroot = /var/tmp/stunnel
setuid = stunnel
setgid = nogroup
pid = /stunnel.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 3

[https]
cert = /usr/local/etc/stunnel/ssl/mycert.pem
accept=localip:443
connect=localip:80

Some of my customers using HTTPS are claiming about aborted connections 
with MS Internet Explorer. They get a message about "secure and unsecure 
objects on this site, proceed?". When clicking yes they get a IE error 
message: "site not found". (Sorry, I don't know the exact english error 
message because customers use german version of IE). Of course there are 
only HTTPS objects on the page.

In my logs I've lot of these entries:
SSL_accept: Peer suddenly disconnected

 From time to time I'll get this error:
SSL_read: Connection reset by peer (54)
or:
SSL_read: Operation timed out (60)
or:
SSL_write: Broken pipe (32)

At the moment I have no idea where these errors come from and if they 
really belong to the error the customer gets with his IE browser. Any 
ideas what could cause these error messages?

Thanks in advance,
Matthias




More information about the stunnel-users mailing list