Hi,
I have an issue with one connection using stunnel as client.
The purpose is to connect to a server on port 8443. The connection works on the first request, but the second one is always rejected. In the log, on the second connection, I see an attempt to resume and then a handshake failure. I have tried some different parameters (sslVersion, options…) but still with the same issue.
As there is no performance issue on this connection, is there any parameter that can stop the resume attempt?
See below the configuration file and traces of first request (Ok) and second request (NotOK).
Thanks in advance for your help.
Best regards
Jean-Luc DESCHAMPS BERGER
stunnel.conf
------------------------------------------------------
client = yes
output = /GPTO/CCTMP/stunnel.log
debug = 7
[olt]
accept = localhost:8443
connect = 10.75.1.6:8443
verifyChain = no
sslVersion = TLSv1.2
options = NO_SSLv2
options = NO_SSLv3
First connection: OK
------------------------------------------------------------------
2026.03.04 02:00:02 LOG5[0]: Service [olt] accepted connection from 127.0.0.1:58704
2026.03.04 02:00:02 LOG6[0]: s_connect: connecting 10.75.1.6:8443
2026.03.04 02:00:02 LOG7[0]: s_connect: s_poll_wait 10.75.1.6:8443: waiting 10 seconds
2026.03.04 02:00:02 LOG7[0]: FD=6 events=0x2001 revents=0x0
2026.03.04 02:00:02 LOG7[0]: FD=15 events=0x2005 revents=0x0
2026.03.04 02:00:02 LOG5[0]: s_connect: connected 10.75.1.6:8443
2026.03.04 02:00:02 LOG5[0]: Service [olt] connected remote server from 192.168.16.249:42547
2026.03.04 02:00:02 LOG7[0]: Setting remote socket options (FD=15)
2026.03.04 02:00:02 LOG7[0]: Option TCP_NODELAY set on remote socket
2026.03.04 02:00:02 LOG7[0]: Remote descriptor (FD=15) initialized
2026.03.04 02:00:02 LOG6[0]: SNI: sending servername: 10.75.1.6
2026.03.04 02:00:02 LOG7[0]: No previous session to resume
2026.03.04 02:00:02 LOG6[0]: Peer certificate not required
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): before/connect initialization
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write client hello A
2026.03.04 02:00:02 LOG7[0]: OCSP stapling: Client callback called
2026.03.04 02:00:02 LOG6[0]: OCSP: Certificate chain verification disabled
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server hello A
2026.03.04 02:00:02 LOG6[0]: CERT: Certificate verification disabled
2026.03.04 02:00:02 LOG6[0]: CERT: Certificate verification disabled
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server certificate A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server key exchange A
2026.03.04 02:00:02 LOG6[0]: Client certificate not requested
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server done A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write client key exchange A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write change cipher spec A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 write finished A
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 flush data
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read finished A
2026.03.04 02:00:02 LOG7[0]: New session callback
2026.03.04 02:00:02 LOG7[0]: Peer certificate was cached (1241 bytes)
2026.03.04 02:00:02 LOG6[0]: Session id: A8CFAD0D0E7D060D56EFF5045F8E1570727951423AB00D7CF70B4E4423396293
2026.03.04 02:00:02 LOG7[0]: 1 client connect(s) requested
2026.03.04 02:00:02 LOG7[0]: 1 client connect(s) succeeded
2026.03.04 02:00:02 LOG7[0]: 0 client renegotiation(s) requested
2026.03.04 02:00:02 LOG7[0]: 0 session reuse(s)
2026.03.04 02:00:02 LOG6[0]: TLS connected: new session negotiated
2026.03.04 02:00:02 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2026.03.04 02:00:02 LOG7[0]: Compression: null, expansion: null
2026.03.04 02:00:02 LOG6[0]: Read socket closed (readsocket)
2026.03.04 02:00:02 LOG7[0]: Sending close_notify alert
2026.03.04 02:00:02 LOG7[0]: TLS alert (write): warning: close notify
2026.03.04 02:00:02 LOG6[0]: SSL_shutdown successfully sent close_notify alert
2026.03.04 02:00:02 LOG6[0]: transfer: SSL_read: Socket is closed
2026.03.04 02:00:02 LOG6[0]: TLS socket closed (SSL_read)
2026.03.04 02:00:02 LOG7[0]: Sent socket write shutdown
2026.03.04 02:00:02 LOG5[0]: Connection closed: 593 byte(s) sent to TLS, 704 byte(s) sent to socket
Second connection: notOK
-------------------------------------------------------------------------------------------------------------
2026.03.04 02:00:04 LOG5[1]: Service [olt] accepted connection from 127.0.0.1:58710
2026.03.04 02:00:04 LOG6[1]: s_connect: connecting 10.75.1.6:8443
2026.03.04 02:00:04 LOG7[1]: s_connect: s_poll_wait 10.75.1.6:8443: waiting 10 seconds
2026.03.04 02:00:04 LOG7[1]: FD=6 events=0x2001 revents=0x0
2026.03.04 02:00:04 LOG7[1]: FD=15 events=0x2005 revents=0x0
2026.03.04 02:00:04 LOG5[1]: s_connect: connected 10.75.1.6:8443
2026.03.04 02:00:04 LOG5[1]: Service [olt] connected remote server from 192.168.16.249:42553
2026.03.04 02:00:04 LOG7[1]: Setting remote socket options (FD=15)
2026.03.04 02:00:04 LOG7[1]: Option TCP_NODELAY set on remote socket
2026.03.04 02:00:04 LOG7[1]: Remote descriptor (FD=15) initialized
2026.03.04 02:00:04 LOG6[1]: SNI: sending servername: 10.75.1.6
2026.03.04 02:00:04 LOG6[1]: Attempting to resume: A8CFAD0D0E7D060D56EFF5045F8E1570727951423AB00D7CF70B4E4423396293
2026.03.04 02:00:04 LOG6[1]: Peer certificate not required
2026.03.04 02:00:04 LOG7[1]: TLS state (connect): before/connect initialization
2026.03.04 02:00:04 LOG7[1]: TLS state (connect): SSLv3 write client hello A
2026.03.04 02:00:04 LOG7[1]: TLS alert (read): fatal: handshake failure
2026.03.04 02:00:04 LOG3[1]: SSL_connect: s3_pkt.c:1259: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: client 127.0.0.1:58710
2026.03.04 02:00:04 LOG5[1]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2026.03.04 02:00:04 LOG7[1]: Remote descriptor (FD=15) closed
2026.03.04 02:00:04 LOG7[1]: local_rfd/local_wfd reset (FD=3)
2026.03.04 02:00:04 LOG7[1]: Local descriptor (FD=3) closed
2026.03.04 02:00:04 LOG7[1]: Service [olt] finished (0 left)
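
Added example (not part of the original message, and not stunnel code): a small Python script that groups stunnel debug lines by the connection id in LOGn[id] and reports connections that offered a cached session and received a fatal alert before any ServerHello, which is the pattern in the second trace above. The sample log lines and the shortened session id AAAA1111 are constructed; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the stunnel debug log above
# (the session id is a shortened placeholder, not a real value).
SAMPLE_LOG = """\
2026.03.04 02:00:02 LOG7[0]: No previous session to resume
2026.03.04 02:00:02 LOG7[0]: TLS state (connect): SSLv3 read server hello A
2026.03.04 02:00:02 LOG6[0]: Session id: AAAA1111
2026.03.04 02:00:02 LOG6[0]: TLS connected: new session negotiated
2026.03.04 02:00:04 LOG6[1]: Attempting to resume: AAAA1111
2026.03.04 02:00:04 LOG7[1]: TLS state (connect): SSLv3 write client hello A
2026.03.04 02:00:04 LOG7[1]: TLS alert (read): fatal: handshake failure
"""

# timestamp, LOG<level>[<connection id>]: message
LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+)\]: (.*)$")

def summarize(log_text):
    """Group log lines by stunnel connection id and record handshake facts."""
    conns = defaultdict(lambda: {"resume": None, "issued": None,
                                 "server_hello": False, "fatal_alert": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        cid, msg = m.groups()
        c = conns[int(cid)]
        if msg.startswith("Attempting to resume: "):
            c["resume"] = msg.split(": ", 1)[1]       # session id offered
        elif msg.startswith("Session id: "):
            c["issued"] = msg.split(": ", 1)[1]       # session id cached
        elif "read server hello" in msg:
            c["server_hello"] = True
        elif msg.startswith("TLS alert (read): fatal: "):
            c["fatal_alert"] = msg.rsplit(": ", 1)[1]
    return dict(conns)

def rejected_resumptions(log_text):
    """Return (conn id, offered session id, alert, id was issued earlier in this log)."""
    conns = summarize(log_text)
    issued = {c["issued"] for c in conns.values() if c["issued"]}
    return [(cid, c["resume"], c["fatal_alert"], c["resume"] in issued)
            for cid, c in sorted(conns.items())
            if c["resume"] and c["fatal_alert"] and not c["server_hello"]]

if __name__ == "__main__":
    for row in rejected_resumptions(SAMPLE_LOG):
        print(row)
```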