[stunnel-users] (no subject)

Adrián Mihálko adriankoooo at gmail.com
Fri Oct 9 12:32:30 CEST 2015


Sorry, curl was only for testing.

Adrians-MacBook-Pro:~ adrianmihalko$ openssl s_client -connect 192.168.1.17:1988
CONNECTED(00000003)
1130:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:618:

2015.10.09 12:23:21 LOG5[main]: Reading configuration from file stunnel.conf
2015.10.09 12:23:21 LOG5[main]: UTF-8 byte order mark detected
2015.10.09 12:23:21 LOG5[main]: FIPS mode disabled
2015.10.09 12:23:21 LOG6[main]: Initializing service [gmail-pop3]
2015.10.09 12:23:21 LOG6[main]: Initializing service [gmail-imap]
2015.10.09 12:23:21 LOG6[main]: Initializing service [gmail-smtp]
2015.10.09 12:23:21 LOG6[main]: Initializing service [myservice]
2015.10.09 12:23:21 LOG6[main]: Loading certificate from file: stunnel.pem
2015.10.09 12:23:21 LOG6[main]: Loading key from file: stunnel.pem
2015.10.09 12:23:21 LOG4[main]: Service [myservice] needs authentication to prevent MITM attacks
2015.10.09 12:23:21 LOG5[main]: Configuration successful
2015.10.09 12:23:21 LOG5[main]: Logging to C:\Users\adrianmihalko\AppData\Local\stunnel.log
2015.10.09 12:23:42 LOG5[39]: Service [myservice] accepted connection from 192.168.1.25:49454
2015.10.09 12:23:42 LOG6[39]: failover: round-robin, starting at entry #0
2015.10.09 12:23:42 LOG6[39]: s_connect: connecting ::1:41952
2015.10.09 12:23:42 LOG5[39]: s_connect: connected ::1:41952
2015.10.09 12:23:42 LOG5[39]: Service [myservice] connected remote server from ::1:50564
2015.10.09 12:23:42 LOG6[39]: SNI: sending servername: localhost
2015.10.09 12:23:42 LOG6[39]: Certificate verification disabled
2015.10.09 12:23:42 LOG6[39]: Certificate verification disabled
2015.10.09 12:23:42 LOG6[39]: SSL connected: new session negotiated
2015.10.09 12:23:42 LOG6[39]: Negotiated TLSv1 ciphersuite AES128-SHA (128-bit encryption)
2015.10.09 12:23:42 LOG6[39]: SSL socket closed (SSL_read)
2015.10.09 12:23:42 LOG5[39]: Connection closed: 130 byte(s) sent to SSL, 505 byte(s) sent to socket

If I am connecting to the :41952:

openssl s_client -connect 192.168.1.17:41952
...

---
No client certificate CA names sent
---
SSL handshake has read 1724 bytes and written 712 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
...


2015-10-09 10:55 GMT+02:00 test rig <testrig at z1p.biz>:

>
> Ouch #2 missing...
>
> Hi Adrian, looks good to me so far - mostly. Try to replace the client=yes
> with a client=no on the server
>
> You are connecting to :9999 with curl(?)
> Try to verify it via the "openssl s_client -connect yourserverip:1988" command
>
> Best Regards
> Michael
>
> --- Original Message ---
> *From:* "test rig" <testrig at z1p.biz>
> *Date:* 09.10.2015 09:48:02
> *To:* "stunnel-users at stunnel.org." <stunnel-users at stunnel.org>
> *Subject:* Re: [stunnel-users] (no subject)
>
> Hi Adrian, looks good to me so far - mostly. Try to replace the client=yes
> with a client=no on the server
>
> --- Original Message ---
> *From:* Adrián Mihálko
> *Date:* 09.10.2015 08:15:19
> *To:* stunnel-users at stunnel.org
> *Subject:* [stunnel-users] (no subject)
>
> Dear stunnel users,
>
> I have a little service which listens only on https://localhost:4952 and
> checks the source hostname. I want to connect on "listen:1988" and redirect
> requests with stunnel to "localhost:4952"
>
> https://192.168.1.10:1988 -> redirect https://localhost:4952
>
>
>  I am trying to configure stunnel like this
>
> [myservice]
> cert = stunnel.pem
> client = yes
> accept = 0.0.0.0:1988
> connect = localhost:4952
>
> remote machine$ curl https://192.168.1.25:9999/DYMO/DLS/Printing/Check -v
> *   Trying 192.168.1.25...
> * Connected to 192.168.1.25 (192.168.1.25) port 9999 (#0)
> * WARNING: using IP address, SNI is being disabled by the OS.
> * Unknown SSL protocol error in connection to 192.168.1.25:-9847
> * Closing connection 0
> curl: (35) Unknown SSL protocol error in connection to 192.168.1.25:-9847
>
> stunnel.log:
> 2015.10.09 09:05:42 LOG5[38]: Service [myservice] accepted connection from 192.168.1.24:60748
> 2015.10.09 09:05:42 LOG6[38]: failover: round-robin, starting at entry #1
> 2015.10.09 09:05:42 LOG6[38]: s_connect: connecting 127.0.0.1:41952
> 2015.10.09 09:05:42 LOG5[38]: s_connect: connected 127.0.0.1:41952
> 2015.10.09 09:05:42 LOG5[38]: Service [myservice] connected remote server from 127.0.0.1:50503
> 2015.10.09 09:05:42 LOG6[38]: SNI: sending servername: localhost
> 2015.10.09 09:05:42 LOG6[38]: Certificate verification disabled
> 2015.10.09 09:05:42 LOG6[38]: Certificate verification disabled
> 2015.10.09 09:05:42 LOG6[38]: SSL connected: new session negotiated
> 2015.10.09 09:05:42 LOG6[38]: Negotiated TLSv1 ciphersuite AES128-SHA (128-bit encryption)
> 2015.10.09 09:05:42 LOG6[38]: SSL socket closed (SSL_read)
> 2015.10.09 09:05:42 LOG5[38]: Connection closed: 230 byte(s) sent to SSL, 505 byte(s) sent to socket
>
> I tried verify = 1 to 4, either works. :(
>
> Best Regards,
> Adrian
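What the posted [myservice] section means for each leg of the connection, as an added example that is not part of the original thread or of stunnel itself: with client = yes, stunnel accepts plaintext on the accept port and speaks TLS only towards connect, which is consistent with the "unknown protocol" error on :1988 and with the LOG4 warning in the log. The function names and finding texts are this example's own; verify, verifyChain and verifyPeer are stunnel option names.

```python
# Added example (not from the thread): report which leg of each stunnel
# service speaks TLS and flag the two risks visible in the posted log.
SAMPLE_CONF = """\
[myservice]
cert = stunnel.pem
client = yes
accept = 0.0.0.0:1988
connect = localhost:4952
"""  # the service section as posted in the thread

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
VERIFY_KEYS = ("verify", "verifychain", "verifypeer")


def parse_services(text):
    """Return {section: {option: value}}; global options live under ''."""
    services, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            services[current] = {}
        elif "=" in line:
            key, value = line.split("=", 1)
            services[current][key.strip().lower()] = value.strip()
    return services


def audit(text):
    services = parse_services(text)
    defaults = services.pop("")
    report = {}
    for name, own in services.items():
        opts = {**defaults, **own}
        client = opts.get("client", "no").lower() == "yes"
        verified = any(opts.get(k, "0").lower() not in ("0", "no")
                       for k in VERIFY_KEYS)
        host = opts.get("accept", "").rpartition(":")[0]  # "" = all interfaces
        findings = []
        if client and host not in LOOPBACK:
            findings.append("plaintext listener reachable from the network")
        if client and not verified:
            findings.append("TLS to backend without certificate verification")
        report[name] = {"accept_side": "plaintext" if client else "TLS",
                        "connect_side": "TLS" if client else "plaintext",
                        "peer_verified": verified, "findings": findings}
    return report
```

Calling audit(SAMPLE_CONF) returns one entry for myservice with a plaintext accept side and both findings set.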