<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Config and logs below but redacted, this is running on 2016 server, if it matters I am starting it over an RDP session<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I find that the port is ignored in the config file and it always binds to ports in the 23*** range<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Sample stunnel configuration file by Michal Trojnara 2002-2006<o:p></o:p></p>
<p class="MsoNormal">; Some options used here may not be adequate for your particular configuration<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Certificate/key is needed in server mode and optional in client mode<o:p></o:p></p>
<p class="MsoNormal">; The default certificate is provided only for testing and should not<o:p></o:p></p>
<p class="MsoNormal">; be used in a production environment<o:p></o:p></p>
<p class="MsoNormal">;cert = stunnel.pem<o:p></o:p></p>
<p class="MsoNormal">;key = stunnel.pem<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Some performance tunings<o:p></o:p></p>
<p class="MsoNormal">socket = l:TCP_NODELAY=1<o:p></o:p></p>
<p class="MsoNormal">socket = r:TCP_NODELAY=1<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Workaround for Eudora bug<o:p></o:p></p>
<p class="MsoNormal">;options = DONT_INSERT_EMPTY_FRAGMENTS<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Authentication stuff<o:p></o:p></p>
<p class="MsoNormal">;verify = 2<o:p></o:p></p>
<p class="MsoNormal">; Don't forget to c_rehash CApath<o:p></o:p></p>
<p class="MsoNormal">;CApath = certs<o:p></o:p></p>
<p class="MsoNormal">; It's often easier to use CAfile<o:p></o:p></p>
<p class="MsoNormal">;CAfile = certs.pem<o:p></o:p></p>
<p class="MsoNormal">; Don't forget to c_rehash CRLpath<o:p></o:p></p>
<p class="MsoNormal">;CRLpath = crls<o:p></o:p></p>
<p class="MsoNormal">; Alternatively you can use CRLfile<o:p></o:p></p>
<p class="MsoNormal">;CRLfile = crls.pem<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Some debugging stuff useful for troubleshooting<o:p></o:p></p>
<p class="MsoNormal">debug = 7<o:p></o:p></p>
<p class="MsoNormal">output = /stunnel.log<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Use it for client mode<o:p></o:p></p>
<p class="MsoNormal">client = yes<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; Service-level configuration<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[Service Config]<o:p></o:p></p>
<p class="MsoNormal">accept=127.0.0.1:40001<o:p></o:p></p>
<p class="MsoNormal">connect = redacted:443<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">log file<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Dispatching a signal from the signal pipe<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Running on Windows 6.2<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG5[main]: Reading configuration from file stunnel.conf<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG5[main]: UTF-8 byte order mark detected<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Compression disabled<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: No PRNG seeding was required<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG6[main]: Initializing service [Service Config]<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: TLS options: 0x02100004 (+0x00000000, -0x00000000)<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: No certificate or private key specified<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG4[main]: Service [Digital-Prod-MTF-FIX-MD] needs authentication to prevent MITM attacks<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG5[main]: Configuration successful<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Deallocating section defaults<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG5[main]: Logging to C:\Users\turnert\AppData\Local\/stunnel.log<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Binding service [New Broker FIX Demo-Trading]<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Listening file descriptor created (FD=1296)<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Setting accept socket options (FD=1296)<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG6[main]: Service [New Broker FIX Demo-Trading] (FD=1296) bound to 127.0.0.1:23471<o:p></o:p></p>
<p class="MsoNormal">2020.04.18 10:08:18 LOG7[main]: Binding service [Service Config]<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<!DOCTYPE html>
<p style="font-size: 8pt;font-family: arial; color:#666;">This message and its attachments are confidential, may not be disclosed or used by any person other than the addressee and are intended only for the named recipient(s). If you are not the intended recipient,
please notify the sender immediately and delete any copies of this message. <br>
<br>
LMAX Group is the holding company of LMAX Exchange, LMAX Global and LMAX Digital. Our registered address is Yellow Building, 1A Nicholas Road, London W11 4AN.</p>
</body>
</html>