[stunnel-users] error during multithreaded operation

Dale Kingsbury dale at acuotech.com
Fri Apr 10 22:00:00 CEST 2009


OS: Windows 2003 SP2
SDK: 2003 R2 SDK

We have a multithreaded application that uses a REST-style interface to
an SSL-enabled UNIX box that only uses AES. I tried using WinHTTP, but
unfortunately, AES is broken in the 2003 version of WinHTTP (confirmed
by M$).

So, I hooked up stunnel, which works fine when I only start one thread,
but if I use more than 1 thread, I get the following error in the
stunnel.log. Note that the error is on thread 7140, and the connection
is immediately closed. I have retry logic that restarts failed threads,
and the restarted thread works the second time. (Of course, the first
has finished, so it is essentially running by itself.)

The other item of interest is that each thread is sending about 500,000
bytes of data in chunks of 16,000 bytes, and my trace shows that it
usually fails after having written more than 100,000 bytes successfully.

Any suggestions or help would be greatly appreciated...

2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data

2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error  <<<<< ----- NOTE FAILS HERE ON thread 7140

2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A
2009.04.10 13:17:01 LOG7[3016:7040]:    0 items in the session cache
2009.04.10 13:17:01 LOG7[3016:7040]:   20 client connects (SSL_connect())
2009.04.10 13:17:01 LOG7[3016:7040]:   19 client connects that finished
2009.04.10 13:17:01 LOG7[3016:7040]:    0 client renegotiations requested
2009.04.10 13:17:01 LOG7[3016:7040]:    0 server connects (SSL_accept())
2009.04.10 13:17:01 LOG7[3016:7040]:    0 server connects that finished
2009.04.10 13:17:01 LOG7[3016:7040]:    0 server renegotiations requested
2009.04.10 13:17:01 LOG7[3016:7040]:    0 session cache hits
2009.04.10 13:17:01 LOG7[3016:7040]:    0 session cache misses
2009.04.10 13:17:01 LOG7[3016:7040]:    0 session cache timeouts
2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated
2009.04.10 13:17:01 LOG6[3016:7040]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed

2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.04.10 13:17:01 LOG7[3016:7140]: bycast-write-1 finished (1 left)

 

 

Configuration file:

;Stunnel configuration for Acuo.

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client=yes
verify=0

; Service-level configuration

[bycast-read-1]
accept  = 18080
connect = 10.220.8.100:8080
;ciphers=AES128-SHA:AES256-SHA
TIMEOUTclose = 0
sslVersion = TLSv1

 

Dale Kingsbury
Founder - Lead Software Engineer
Phone: 651-744-9225  << NOTE new number
Fax: 651-730-4231
Cel: 651-592-5204
email: dale at acuotech.com

 

RSNA Booth #4980
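
Added example, not part of the original post and not stunnel code: one way to triage an interleaved debug log like the one above is to group records by the thread ID in the LOGn[pid:thread] prefix and, for each failed SSL_connect, list the other threads that logged handshake state lines while that connection was open. The function names are hypothetical, and the sample lines are copied from the post with the mail line-wrapping undone.

```python
import re

# Lines copied from the log in the post above, with mail line-wrapping undone
# and the poster's inline annotation removed.
SAMPLE_LOG = """\
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data
2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A
2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated
2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed
2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.04.10 13:17:01 LOG7[3016:7140]: bycast-write-1 finished (1 left)
"""

# Timestamp, LOG<level>[<pid>:<thread id>]: message, as seen in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$")

def parse(log_text):
    """Yield (index, timestamp, level, thread id, message) for each log line."""
    for i, line in enumerate(log_text.splitlines()):
        m = LINE_RE.match(line.strip())
        if m:
            yield i, m["ts"], int(m["level"]), m["tid"], m["msg"]

def handshake_failures(log_text):
    """List failed SSL_connect calls with the threads handshaking alongside."""
    start = {}        # thread id -> index of the first line of its connection
    state_lines = []  # (index, thread id) of every handshake state line
    failures = []
    for i, ts, level, tid, msg in parse(log_text):
        start.setdefault(tid, i)
        if msg.startswith("SSL state (connect)"):
            state_lines.append((i, tid))
        elif level <= 3 and msg.startswith("SSL_connect:"):
            others = sorted({t for j, t in state_lines
                             if start[tid] <= j < i and t != tid})
            failures.append({"thread": tid, "time": ts,
                             "error": msg.rsplit(":", 1)[-1].strip(),
                             "concurrent_handshakes": others})
        elif re.search(r"finished \(\d+ left\)$", msg):
            # Assumption: a thread id can recur, so reset it per connection.
            start.pop(tid, None)
    return failures

if __name__ == "__main__":
    for failure in handshake_failures(SAMPLE_LOG):
        print(failure)
```
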

 

 

 

 
