[stunnel-users] (no subject)

Adrián Mihálko adriankoooo at gmail.com
Fri Oct 9 09:15:19 CEST 2015


Dear stunnel users,

I have a little service which listen only on https://localhost:4952 and
checks source hostname. I want to connect on "listen:1988" and redirect
requests with stunnel to "localhost:4952"

https://192.168.1.10:1988 -> redirect https://localhost:4952


 I am trying to configure stunnel like this

[myservice]
cert = stunnel.pem
client = yes
accept = 0.0.0.0:1988
connect = localhost:4952

remote machine$ curl https://192.168.1.25:9999/DYMO/DLS/Printing/Check -v
*   Trying 192.168.1.25...
* Connected to 192.168.1.25 (192.168.1.25) port 9999 (#0)
* WARNING: using IP address, SNI is being disabled by the OS.
* Unknown SSL protocol error in connection to 192.168.1.25:-9847
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 192.168.1.25:-9847

stunnel.log:
2015.10.09 09:05:42 LOG5[38]: Service [myservice] accepted connection from
192.168.1.24:60748
2015.10.09 09:05:42 LOG6[38]: failover: round-robin, starting at entry #1
2015.10.09 09:05:42 LOG6[38]: s_connect: connecting 127.0.0.1:41952
2015.10.09 09:05:42 LOG5[38]: s_connect: connected 127.0.0.1:41952
2015.10.09 09:05:42 LOG5[38]: Service [myservice] connected remote server
from 127.0.0.1:50503
2015.10.09 09:05:42 LOG6[38]: SNI: sending servername: localhost
2015.10.09 09:05:42 LOG6[38]: Certificate verification disabled
2015.10.09 09:05:42 LOG6[38]: Certificate verification disabled
2015.10.09 09:05:42 LOG6[38]: SSL connected: new session negotiated
2015.10.09 09:05:42 LOG6[38]: Negotiated TLSv1 ciphersuite AES128-SHA
(128-bit encryption)
2015.10.09 09:05:42 LOG6[38]: SSL socket closed (SSL_read)
2015.10.09 09:05:42 LOG5[38]: Connection closed: 230 byte(s) sent to SSL,
505 byte(s) sent to socket

I am tried verify = 1 to 4, either works. :(

Best Regards,
Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20151009/e8fbf4f1/attachment.html>


More information about the stunnel-users mailing list