[stunnel-users] Help in setting stunnel in server mode to over come TLSV2 compatibility

jothish.chokkalingam at accenture.com jothish.chokkalingam at accenture.com
Wed Nov 23 01:43:58 CET 2016


HI all,

There is a problem we have currently connecting tibco client to SFDC sever via TLS v1.2 and that's solved by using stunnel in client mode. And the communication from SFDC client to tibco server applications w.r.t TLS V1.2 I am unable to solve using stunnel. Below is the configuration in stunnel in server end to divert the traffic from 8008 to 8009, can you help here with the logs is the stunnel configuration is correct or there any missed/need to alter.

[SFDC reverse proxy test]
debug=7
;client = yes
accept = 8008-->port used by sfdc client to connect to TIBCO server
connect = localhost:8009 -->Tibco server that's running
cert = stunnel.pem
2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] started
2016.11.23 08:31:56 LOG7[118]: Option TCP_NODELAY set on local socket
2016.11.23 08:31:56 LOG5[118]: Service [SFDC reverse proxy test] accepted connection from 101.167.198.14:54477
2016.11.23 08:31:56 LOG6[118]: Peer certificate not required
2016.11.23 08:31:56 LOG7[118]: SSL state (accept): before/accept initialization
2016.11.23 08:31:56 LOG3[118]: SSL_accept: Peer suddenly disconnected
2016.11.23 08:31:56 LOG5[118]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.11.23 08:31:56 LOG7[118]: Local descriptor (FD=696) closed
2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] finished (0 left)

PFB the openssl snap shot looks odd
C:\Program Files (x86)\stunnel\bin>openssl s_client -connect localhost:8008 -prexit -showcerts
WARNING: can't open config file: /devel/win32/openssl/openssl.cnf
CONNECTED(0000016C)

Thanks and Regards,
Jothish
TIBCO TSD
Ph. : +91 44 39263958
Mobile : +91 9884040171
Support : +91 9962007110
OC : jothish.chokkalingam
Group mail:- Telstra.psm.tsd.tibco at accenture.com


________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20161123/d9c6e79b/attachment.html>


More information about the stunnel-users mailing list