[stunnel-users] stunnel receiving 15 signal after a few minutes

Jenna Hall j.hall at nelsonjameson.com
Wed Aug 13 23:08:35 CEST 2014


Hello all,

I installed stunnel and freetds last August. I use a custom stunnel config
file (see below). It runs very well for about 5 minutes, but then receives
signal 15 from somewhere and terminates.

The box OS is CentOS release 6.5 (Final) and CPanel is running on it (I
believe CPanel uses its own stunnel for its ssl). Below I have the info for
the stunnel software that I installed.

Do you have any idea what process could be sending this termination signal
to my stunnel, or if something else is happening? Thanks in advance for
your help -- Jenna

stunnel info:
=============================================
stunnel 4.56 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP

Global options:
debug                  = daemon.notice
pid                    = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes

Service-level options:
ciphers                = FIPS (with "fips = yes")
ciphers                = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
sslVersion             = TLSv1 (with "fips = yes")
sslVersion             = TLSv1 for client, all for server (with "fips = no")
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none

Config file:
=============================================
cert = /usr/local/etc/stunnel/certs/server.crt
key = /usr/local/etc/stunnel/certs/server.key
CAFile = /usr/local/etc/stunnel/certs/ca.crt
CAPath = /usr/local/etc/stunnel/certs

pid = /usr/local/etc/stunnel/stunnel.pid
options = NO_SSLv2
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
foreground = no
socket = r:TCP_NODELAY=1

[njstunnel]
accept = njstunnel
connect = web.mycompanyname.net:61667

retry = yes
client = yes
TIMEOUTconnect = 1
verify = 2
TIMEOUTbusy =1
TIMEOUTidle = 500


Here is the output from start up to receiving the signal 15:
=============================================
2014.08.13 15:47:01 LOG5[25039:140284139354048]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:47:01 LOG5[25039:140284139354048]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.08.13 15:47:01 LOG5[25039:140284139354048]: 500 clients allowed
2014.08.13 15:50:03 LOG5[25045:140284139354048]: Received signal 15; terminating
2014.08.13 15:51:02 LOG5[25347:140674811922368]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:51:02 LOG5[25347:140674811922368]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.08.13 15:51:02 LOG5[25347:140674811922368]: 500 clients allowed
2014.08.13 15:51:44 LOG5[25355:140674811922368]: Received signal 15; terminating
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Snagged 64 random bytes from /dev/urandom
2014.08.13 15:51:46 LOG7[25419:140090284656576]: RAND_status claims sufficient entropy for the PRNG
2014.08.13 15:51:46 LOG7[25419:140090284656576]: PRNG seeded successfully
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Configuration SSL options: 0x01000000
2014.08.13 15:51:46 LOG7[25419:140090284656576]: SSL options set: 0x01000004
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Certificate: /usr/local/etc/stunnel/certs/server.crt
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Certificate loaded
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Key file: /usr/local/etc/stunnel/certs/server.key
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Private key loaded
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Loaded verify certificates from /usr/local/etc/stunnel/certs/ca.crt
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Loaded /usr/local/etc/stunnel/certs/ca.crt revocation lookup file
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Verify directory set to /usr/local/etc/stunnel/certs
2014.08.13 15:51:46 LOG7[25419:140090284656576]: Added /usr/local/etc/stunnel/certs revocation lookup directory
2014.08.13 15:51:46 LOG7[25419:140090284656576]: SSL context initialized for service njstunnel
2014.08.13 15:51:46 LOG5[25419:140090284656576]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:51:46 LOG5[25419:140090284656576]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.08.13 15:51:46 LOG6[25419:140090284656576]: file ulimit = 4096 (can be changed with 'ulimit -n')
2014.08.13 15:51:46 LOG6[25419:140090284656576]: poll() used - no FD_SETSIZE limit for file descriptors
2014.08.13 15:51:46 LOG5[25419:140090284656576]: 2000 clients allowed
2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 10 in non-blocking mode
2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 11 in non-blocking mode
2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 12 in non-blocking mode
2014.08.13 15:51:46 LOG7[25419:140090284656576]: SO_REUSEADDR option set on accept socket
2014.08.13 15:51:46 LOG7[25419:140090284656576]: njstunnel bound to 0.0.0.0:19770
2014.08.13 15:51:46 LOG7[25425:140090284656576]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2014.08.13 15:55:03 LOG5[25425:140090284656576]: Received signal 15; terminating
2014.08.13 15:55:03 LOG7[25425:140090284656576]: removing pid file /usr/local/etc/stunnel/stunnel.pid
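
An added example, not part of the original message: a small Python parser for the log format shown above that pairs each start-up banner with the "Received signal 15" line that ended that run, and lists banner versions that differ from the installed build (4.56 in the message). The names `runs`, `banner_mismatch` and `SAMPLE_LOG` are this example's own; runs are keyed on the second bracketed ID because in this log the pid changes between a run's banner and its signal line while that ID does not.

```python
import re
from datetime import datetime

# Constructed sample: banner and signal lines from the log above, mail wrapping undone.
SAMPLE_LOG = """\
2014.08.13 15:47:01 LOG5[25039:140284139354048]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:50:03 LOG5[25045:140284139354048]: Received signal 15; terminating
2014.08.13 15:51:02 LOG5[25347:140674811922368]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:51:44 LOG5[25355:140674811922368]: Received signal 15; terminating
2014.08.13 15:51:46 LOG5[25419:140090284656576]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.08.13 15:55:03 LOG5[25425:140090284656576]: Received signal 15; terminating
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
BANNER = re.compile(r"^stunnel (\S+) on (\S+) with ")
SIGNAL = re.compile(r"^Received signal (\d+); terminating")

def parse(text):
    """Yield (timestamp, pid, second_id, message) for each well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            yield ts, int(m.group(3)), m.group(4), m.group(5)

def runs(text):
    """Pair each start-up banner with the signal line that ended that run."""
    open_runs, done = {}, []
    for ts, pid, key, msg in parse(text):
        b, s = BANNER.match(msg), SIGNAL.match(msg)
        if b:
            open_runs[key] = {"start": ts, "start_pid": pid,
                              "version": b.group(1), "platform": b.group(2)}
        elif s and key in open_runs:
            run = open_runs.pop(key)
            run.update(signal=int(s.group(1)), end=ts, end_pid=pid,
                       lifetime_s=int((ts - run["start"]).total_seconds()))
            done.append(run)
    return done

def banner_mismatch(text, installed_version):
    """Banner versions in the log that differ from the build you installed."""
    return sorted({r["version"] for r in runs(text)} - {installed_version})

if __name__ == "__main__":
    for r in runs(SAMPLE_LOG):
        print(r["start"], r["version"], r["platform"], "pid", r["start_pid"], "->",
              r["end_pid"], "signal", r["signal"], "after", r["lifetime_s"], "s")
    print("banners not matching 4.56:", banner_mismatch(SAMPLE_LOG, "4.56"))
```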