[stunnel-users] Stunnel Connectivity Issue

Dheeraj Gautam dheeraj.gautam at arborfs.com
Tue Jun 13 18:05:58 CEST 2017


Yes, I am testing the connection with telnet.

 

There is no another way to test the connection.

 

Regards,

 

Dheeraj Gautam

 

From: Dheeraj Gautam [mailto:dheeraj.gautam at arborfs.com] 
Sent: Tuesday, June 13, 2017 9:32 PM
To: 'Liz Turi' <lturi at maehc.org>; 'Małgorzata Olszówka' <Malgorzata.Olszowka at stunnel.org>
Cc: stunnel-users at stunnel.org
Subject: RE: [stunnel-users] Stunnel Connectivity Issue

 

Hi Liz,

 

Thanks for your reply.

 

Actually we need to run a service which will work only once stunnel connection establish and the service will work till the time connection connected.

 

But at the moment I don’t have idea like how the stunnel will remain connected.

 

Could you please suggest me to fix this so that stunnel connection remain connected and I can run the application.

 

Waiting for your valuable response.

 

Regards,

 

Dheeraj Gautam

 

From: Liz Turi [mailto:lturi at maehc.org] 
Sent: Tuesday, June 13, 2017 9:19 PM
To: Dheeraj Gautam <dheeraj.gautam at arborfs.com <mailto:dheeraj.gautam at arborfs.com> >; Małgorzata Olszówka <Malgorzata.Olszowka at stunnel.org <mailto:Malgorzata.Olszowka at stunnel.org> >
Cc: stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org> 
Subject: RE: [stunnel-users] Stunnel Connectivity Issue

 

Hi, Dheeraj,

 

Are you testing the connection with Telnet? Or are you testing with the application. What I noticed in testing the connection is that once the command is completed, the connection is closed.

 

However, when I test from my application, its only closed once all transactions in that session are completed, and will show how much data was passed on (following from my logs at the end of a non-telnet test session.

 

2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite AES256-GCM-SHA384 (256-bit encryption)

2017.06.13 10:16:18 LOG6[1]: Read socket closed (readsocket)

2017.06.13 10:16:18 LOG6[1]: SSL_shutdown successfully sent close_notify alert

2017.06.13 10:16:18 LOG6[1]: TLS closed (SSL_read)

2017.06.13 10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent to TLS, 1641 byte(s) sent to socket

 

Liz Turi

Sr. Consultant

Massachusetts eHealth Collaborative

860 Winter Street, Waltham, MA 02451

(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589

 <http://www.maehc.org> www.maehc.org

 <https://www.facebook.com/massachusettsehealthcollab?fref=nf>  <https://www.linkedin.com/company/massachusetts-ehealth-collaborative?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1432746657126%2Ctas%3AMassachusetts+eHEalth>  <https://twitter.com/MAeHC_org> 

 

From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Dheeraj Gautam
Sent: Tuesday, June 13, 2017 11:41 AM
To: Małgorzata Olszówka <Malgorzata.Olszowka at stunnel.org <mailto:Malgorzata.Olszowka at stunnel.org> >
Cc: stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org> 
Subject: Re: [stunnel-users] Stunnel Connectivity Issue

 

HI Guys,

 

below is the config which i have configured with TLSv1.2, but still connection establishing only for while when i telnet telnet 127.0.0.1 9233. and just after connection closed.

 

[TCP]

client=yes

cert = BBG_cert.pem

key = BBG_key.pem

verifyChain = yes

CAfile = BBG_CACerts.pem

connect = 69.191.198.34:8228 <http://69.191.198.34:8228> 

accept  = 127.0.0.1:9233 <http://127.0.0.1:9233> 

sslVersion = TLSv1.2

 

below the logs:

 

2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf

2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected

2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled

2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints

2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file

2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf

2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected

2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled

2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks

2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates

2017.06.13 16:37:16 LOG5[main]: Configuration successful

2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736 <http://127.0.0.1:62736> 

2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228 <http://69.191.198.34:8228> 

2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from 172.16.1.23:62737 <http://172.16.1.23:62737> 

2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=fixbeta.bloomberg.com <http://fixbeta.bloomberg.com> , emailAddress=caadmin at bloomberg.com <mailto:caadmin at bloomberg.com> 

2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

 

i want connection remained connected every time so that i can run the application.

 

application can be work only if the connection remain connected.

 

please help me to sort this out.

 

Regards,

 

Dheeraj Gautam

 

On 25 May 2017 at 12:29, Małgorzata Olszówka <Malgorzata.Olszowka at stunnel.org <mailto:Malgorzata.Olszowka at stunnel.org> > wrote:

Could you please let us know what parameters we are missing here due to which connection is not establishing with remote server.

Although, stunnel logs indicating that configuration successful, but in logs no where is mentioned about the connection is it connected or not, 



Hello Dheeraj,

You should set the verifyChain option in order to verify the certificate stored in the file specified with CAfile:
verifyChain = yes

Then you can test your connection:
telnet 127.0.0.1 9233
the stunnel logs will show information about the connection attempt.

Regards,
Małgorzata
_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org> 
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

 

 

www.arborfs.com <http://www.arborfs.com> 

This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged.

It is intended solely for the use of the individual or entity to which it is addressed.  If you are not the intended recipient, please notify the author immediately by telephone or by replying to this e-mail, and then delete all copies of the e-mail on your system.  If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail.

Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept liability for any damage sustained as a result of software viruses.  We would advise that you carry out your own virus checks, especially before opening an attachment.


CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally privileged and confidential information intended only for the use of the addressee named above. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution or copying of this email transmission is strictly prohibited. If you have received this email transmission in error, please notify us immediately. Thank you.


-- 
 

www.arborfs.com

This e-mail and any attachment are confidential and contain proprietary 
information, some or all of which may be legally privileged.

It is intended solely for the use of the individual or entity to which it 
is addressed.  If you are not the intended recipient, please notify the 
author immediately by telephone or by replying to this e-mail, and then 
delete all copies of the e-mail on your system.  If you are not the 
intended recipient, you must not use, disclose, distribute, copy, print or 
rely on this e-mail.

Whilst we have taken reasonable precautions to ensure that this e-mail and 
any attachment has been checked for viruses, we cannot guarantee that they 
are virus free and we cannot accept liability for any damage sustained as a 
result of software viruses.  We would advise that you carry out your own 
virus checks, especially before opening an attachment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/11d04f70/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1636 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/11d04f70/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1605 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/11d04f70/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1693 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/11d04f70/attachment-0002.png>


More information about the stunnel-users mailing list