[stunnel-users] Assistance needed debugging Stunnel AWS EC2 Interface

Małgorzata Olszówka gosia at olszowka.net
Fri Nov 25 14:42:44 CET 2016


On 15.11.2016 at 03:39, Donald F. Coffin wrote:
> I am using stunnel as a proxy to support SoapUI mock services which are
> used to test an SSL based application.  The SoapUI and stunnel proxy are
> running on an AWS Ubuntu 14.04 EC2 Instance communicating to a Tomcat
> server running on a second AWS Ubuntu 14.04 EC2 Instance.  The target
> application uses a wildcard SSL Certificate and works successfully when
> accessed using a desktop browser (Chrome or Firefox).
>
> The issue I am encountering is that the stunnel connection logs a “SSL
> closed on SSL_read” message as soon as the cipher suite is negotiated as
> shown in the following stunnel.log:
>
> 2016.11.14 21:34:25 LOG6[5293:140430154827520]: SSL connected: new session negotiated
> 2016.11.14 21:34:25 LOG6[5293:140430154827520]: Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit encryption)
> 2016.11.14 21:34:25 LOG6[5293:140430154827520]: Compression: null, expansion: null
> 2016.11.14 21:34:45 LOG7[5293:140430154827520]: SSL closed on SSL_read
> 2016.11.14 21:34:45 LOG7[5293:140430154827520]: Sent socket write shutdown
> 2016.11.14 21:34:56 LOG7[5293:140430154827520]: Socket closed on read
> 2016.11.14 21:34:56 LOG7[5293:140430154827520]: Sending close_notify alert
> 2016.11.14 21:34:56 LOG6[5293:140430154827520]: SSL_shutdown successfully sent close_notify alert
> 2016.11.14 21:34:56 LOG5[5293:140430154827520]: Connection closed: 342 byte(s) sent to SSL, 250 byte(s) sent to socket
>
> [resourceServer]
> accept=localhost:8080
> connect=52.43.245.161:8443
> ciphers=AES128-SHA
> client = yes
> cert=/etc/stunnel/stunnel.pem
> verify=0
>

Hi,
I think that the client called [resourceServer] establishes the correct 
connection with a server located on 52.43.245.161:8443. This server does 
not send any more data and the connection will be terminated, that's all.
It looks like:
openssl s_client -connect 52.43.245.161:8443

CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
verify error:num=19:self signed certificate in certificate chain
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 583834F5DD4454043940C81FF37027543258C97EC2799A75371A1B177C223D72
    Session-ID-ctx:
    Master-Key: DAF8AED7432455FAF9BA7483B67099DBDA32AB8C09AC736AAF6A8EF217F37CC23E0822DEDA37B33F56DEF44914B591A4
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1480078548
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
closed


Regards.
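
The log reading used in the reply above, as an added example that is not part of the original post or of stunnel itself: it groups stunnel log lines by their pid:thread id and reports which side closed first and how long the session stayed open after the handshake. It assumes the log format quoted above, and that "SSL closed on SSL_read" means the TLS peer closed while "Socket closed on read" means the local socket peer did.

```python
import re
from datetime import datetime

# Log excerpt quoted in the post above, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
2016.11.14 21:34:25 LOG6[5293:140430154827520]: SSL connected: new session negotiated
2016.11.14 21:34:25 LOG6[5293:140430154827520]: Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit encryption)
2016.11.14 21:34:25 LOG6[5293:140430154827520]: Compression: null, expansion: null
2016.11.14 21:34:45 LOG7[5293:140430154827520]: SSL closed on SSL_read
2016.11.14 21:34:45 LOG7[5293:140430154827520]: Sent socket write shutdown
2016.11.14 21:34:56 LOG7[5293:140430154827520]: Socket closed on read
2016.11.14 21:34:56 LOG7[5293:140430154827520]: Sending close_notify alert
2016.11.14 21:34:56 LOG6[5293:140430154827520]: SSL_shutdown successfully sent close_notify alert
2016.11.14 21:34:56 LOG5[5293:140430154827520]: Connection closed: 342 byte(s) sent to SSL, 250 byte(s) sent to socket
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+:\d+)\]: (.*)$")
BYTES = re.compile(r"Connection closed: (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")
# Assumed meaning of the two close messages: which side ended the session.
FIRST_CLOSE = {"SSL closed on SSL_read": "tls_peer", "Socket closed on read": "local_socket"}

def summarize(log_text):
    """Return one summary dict per stunnel connection, keyed by 'pid:tid'."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        c = conns.setdefault(m.group(3), {"closed_first_by": None})
        msg = m.group(4)
        if msg.startswith("SSL connected"):
            c["handshake_at"] = ts
        elif "ciphersuite: " in msg:
            c["cipher"] = msg.split("ciphersuite: ")[1].split(" ")[0]
        elif msg in FIRST_CLOSE and c["closed_first_by"] is None:
            c["closed_first_by"] = FIRST_CLOSE[msg]
            if "handshake_at" in c:
                c["seconds_open"] = (ts - c["handshake_at"]).total_seconds()
        elif (b := BYTES.match(msg)):
            c["to_ssl"], c["to_socket"] = int(b.group(1)), int(b.group(2))
    return conns

if __name__ == "__main__":
    for conn_id, info in summarize(SAMPLE_LOG).items():
        print(conn_id, info)
```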
