Just wondering if there is a way to have Stunnel not accept connections from certain IPs?
stunnel -version
stunnel 5.56 on x86_64-apple-darwin18.7.0 platform
Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
Thanks,
James.
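The stunnel option that does this on Unix builds is `libwrap`: each accepted connection is checked against /etc/hosts.allow and /etc/hosts.deny through TCP Wrappers, using the stunnel service name (the section header) as the daemon name. The following is an added example, not configuration from the original post; the service name `[https]`, the ports and the 192.168.1.0/24 network are assumed. Note that `libwrap` is only present when stunnel was built with it, in which case the `stunnel -version` feature line also shows `Auth:LIBWRAP`, which the macOS output above does not; on such a build the remaining options are a packet-filter rule (pf on macOS) or binding `accept` to an address that only the intended clients can reach.

```ini
; /etc/stunnel/stunnel.conf (added example; service name and addresses are assumed)
[https]
accept  = 443
connect = 127.0.0.1:8080
cert    = /etc/stunnel/stunnel.pem
; consult /etc/hosts.allow and /etc/hosts.deny for every accepted connection;
; requires a build with libwrap (Auth:LIBWRAP in "stunnel -version")
libwrap = yes
```

With this section, `https: 192.168.1.0/255.255.255.0` in /etc/hosts.allow and `https: ALL` in /etc/hosts.deny admit only the listed network; everything else is closed before any TLS handshake takes place. The deny rule matters: without it, hosts.allow only adds permissions and nothing is blocked.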
So I've configured my stunnel to only use TLS 1.2 and it usually works OK.
However, when the client gets some bad L7 response it sends a TCP RST, after
which all subsequent stunnel TLS Client Hellos are some hybrid of
TLS 1.0/TLS 1.2, as can be seen in the tshark output below. Once I restart the
whole stunnel process, subsequent TLS handshakes work fine using TLS 1.2,
until the next client RST is received.
$ stunnel -version
stunnel 4.56 on x86_64-redhat-linux-gnu platform
$ cat /etc/centos-release
CentOS Linux release 7.8.2003 (Core)
$ cat /etc/stunnel/dsr2rtcg-stunnel.conf
output = /var/log/stunnel
pid = /etc/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[poc]
cert = /etc/pki/tls/certs/stunnel/aaa.crt
key = /etc/pki/tls/private/stunnel/aaa.key
CAfile = /etc/pki/tls/certs/stunnel/bbb.crt
client = yes
sslVersion = TLSv1.2
options = NO_TLSv1
accept = 172.18.180.78:45154
connect = 10.74.0.196:45154
ciphers = TLSv1.2+HIGH:!aNULL
$ tshark -nn -V -d tcp.port==45154,ssl -r 20200729_09:42:44-port45154.pcap -2R "ssl.handshake" -c 1 | grep -i tls -B3
Secure Sockets Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
--
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 1610
Version: TLS 1.2 (0x0303)
>>Any suggestions on sslkeylog via stunnel application Call SSL_CTX_set_keylog_callback() !?
On Thu, Aug 13, 2020, 16:44 tayyib ahmed <tayyib76(a)gmail.com> wrote:
> Hi Guys
>
> Is there any option to set sslkeylog to get ssl session id for stunnel
> session?
>
> Br xx
>
Hi,
We are trying to use DNS load balancing in a stunnel client with a round-robin
algorithm. service.example.com maps to two IPs. But when we update
DNS to remove one of the IPs for service.example.com, the stunnel client still
forwards requests to both IPs. How can we make the stunnel client re-resolve the domain
name and refresh its cache?
Here is stunnel configuration.
sslVersion=TLSv1.2
cert = /etc/stunnel/stunnel.pem
output=/var/log/stunnel.log
[service-client]
client = yes
accept = localhost:4680
connect = service.example.com:4680
[service-server]
client = no
accept = 10.10.0.16:4680
connect = localhost:80
Here is the resolving result for service.example.com.
;; ANSWER SECTION:
service.example.com. 5 IN A 10.10.0.16
service.example.com. 5 IN A 10.10.0.8
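By default stunnel resolves the host in `connect` once, when the configuration is loaded, and keeps using those addresses; the service-level option `delay = yes` defers the lookup so the name is resolved again for every new connection, and `failover = rr` spreads connections over all addresses returned instead of always trying the first one. Below is an added example client section, not the poster's configuration: the CA bundle path /etc/stunnel/ca.pem is an assumption, and the verification options are added because a client that follows a DNS name without checking the server certificate can be redirected by a changed or spoofed DNS answer.

```ini
; stunnel.conf, client side (added example; CA bundle path is assumed)
sslVersion = TLSv1.2

[service-client]
client  = yes
accept  = localhost:4680
connect = service.example.com:4680
; resolve service.example.com for every new connection instead of once at
; startup, so a DNS change is picked up without restarting stunnel
delay = yes
; rotate through all resolved addresses rather than always trying the first
failover = rr
; verify the server certificate and its name, so a hijacked DNS answer
; cannot silently redirect the tunnel to another host
verifyChain = yes
CAfile      = /etc/stunnel/ca.pem
checkHost   = service.example.com
```

stunnel itself does not honour the 5-second TTL shown above; with `delay = yes` it simply asks the system resolver each time, so what is cached depends on the host's resolver (nscd, systemd-resolved, and so on), not on stunnel. Connections already established to the removed address are not torn down by a DNS change; only new connections are affected.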
Hi all,
I have installed Stunnel 5.56 win64 on a fully updated Windows 10 machine to work with Blue Iris. Stunnel operates well when I manually start it however I cannot get it to work automatically after a reboot.
I have run the “stunnel Service Install” and “stunnel Service Start” shortcuts supplied, and in the first instance the service installs and starts. I can then connect through Stunnel to my Blue Iris server.
I have found that after I reboot, the Stunnel service appears to start automatically but it is not functional. I cannot connect through it to Blue Iris. Stunnel is visible and Running in the Windows 10 Services list (from services.msc) and the Windows Task Manager shows a Process and Service active.
To rectify this I can manually issue the “stunnel Service Stop”, followed by the “stunnel Service Start” shortcuts and the service becomes functional again.
I have tried turning on debug info and the stunnel log file in stunnel.conf and see that log entries only begin after I have done the stop/start manual process.
Thanks for any insight to what I’m sure I am missing here.
Rod
No sign of SSL_CTX_set_keylog_callback()...
Date: Thu, 13 Aug 2020 16:44:22 +0100
From: tayyib ahmed <tayyib76(a)gmail.com>
To: stunnel-users(a)stunnel.org
Subject: Hi Guys
Is there any option to set sslkeylog to get ssl session id for stunnel session?
Br xx
Hi,
I'm using stunnel v5.56 on FreeBSD to proxy connections to a web server
(running Apache), for a small number of users. Users connecting to the
service keep running into issues with timeouts. I see timeout errors in
the stunnel log messages:
services stunnel[7510]: LOG3[188]: transfer: s_poll_wait: TIMEOUTclose
exceeded: closing
I tried changing stunnel to use the proxy protocol and enabled it on
Apache, too. I don't know if that will help but at least then the web
server gets the correct, remote IP address.
Can anyone offer ideas/suggestions to fix this problem? Is there
anything I can test or check to help diagnose the issue?
The configuration is very basic:
[apache]
accept = 20888
protocol = proxy
connect = 192.168.0.10:8000
PSKsecrets = /usr/local/etc/psksecrets.txt
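The logged `TIMEOUTclose exceeded` message comes from stunnel waiting, after one side has shut down, for the TLS close_notify (or the peer's close) for `TIMEOUTclose` seconds, 60 by default; it concerns connections that are already finishing, and browsers frequently reset the TCP connection instead of closing it cleanly, so the wait only delays cleanup. Stalls on active sessions are governed instead by `TIMEOUTbusy` (time to wait for expected data) and `TIMEOUTidle` (time a connection may sit without traffic). The section below is an added example, not the poster's file: the paths are reused from the post, and the timeout values are the defaults with `TIMEOUTclose` disabled, which is the usual setting for HTTP behind stunnel.

```ini
; stunnel.conf (added example; timeout values are illustrative)
[apache]
accept     = 20888
protocol   = proxy
connect    = 192.168.0.10:8000
PSKsecrets = /usr/local/etc/psksecrets.txt
; do not wait for close_notify at all: browsers often RST instead of closing
; cleanly, so the 60 s default only delays teardown and logs TIMEOUTclose
TIMEOUTclose = 0
; seconds to wait for data stunnel expects (e.g. the rest of a TLS record)
TIMEOUTbusy = 300
; seconds a connection may carry no data in either direction before closing
TIMEOUTidle = 43200
; raise while diagnosing, then lower again; level 7 logs every transfer event
debug  = 7
output = /var/log/stunnel.log
```

For the `protocol = proxy` part to work, the Apache listener on port 8000 must expect the PROXY header (mod_remoteip with `RemoteIPProxyProtocol On`), otherwise every request starts with bytes Apache cannot parse and the client sees an error or a hang; that is worth confirming before chasing the timeouts, since the two symptoms look alike from the user's side.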
Office365 IMAP4S + POP3S is dropping legacy authentication in favour of OAUTH2.0 authentication, effective October 2020. (Some may have longer.)
How do you plan to migrate to OAUTH2.0 authentication? Do you plan to upgrade your client(s) or inject an OAUTH2.0 transparent proxy?
----------------------------------------------------------------------
Message: 1
Date: Thu, 23 Jul 2020 01:22:06 +0000
From: Mel Gilbert <m.gilbert(a)baymedicalgroup.com.au>
To: "stunnel-users(a)stunnel.org" <stunnel-users(a)stunnel.org>
Subject: Re: [stunnel-users] Getting incoming Exchange online (Office
365) emails to go to port 110 and not 995
Message-ID:
<SY4P282MB074766F32238B92A3D951499C1760(a)SY4P282MB0747.AUSP282.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="us-ascii"
Hi
Trying to get an application with inbuilt email to receive emails using POP on port 110. However, we use Office 365 and I have tried the config below but it is not working. I want people to send email to an Exchange Online account (port 995) and have it forwarded on to the email app on port 110.
client = yes
output = stunnel-log.txt
debug=7
taskbar=yes
[POP3 Incoming]
accept = 110
connect = Outlook.office365.com:995
cert = stunnel.pem
[SMTP Outgoing]
protocol = smtp
accept = 25
connect = smtp.office365.com:587
cert = stunnel.pem
The outgoing email works fine using the SMTP relay that I've set up on Office 365 but I can't get the incoming emails to work.
Any help would be appreciated
Thanks
Mel
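Port 995 is implicit TLS, so a `client = yes` service that accepts on 110 and connects to outlook.office365.com:995 is the right shape (no `protocol` line; `protocol = pop3` would make stunnel attempt STLS negotiation, which is for port 110 servers). Two things the posted configuration leaves open are worth fixing regardless of why it fails: it never verifies the Office 365 server certificate, so any host that answers on the way to port 995 is accepted, and `accept = 110` listens on every interface, exposing the plaintext POP3 side to the whole LAN. The following is an added example, not Mel's configuration: `ca-certs.pem` is assumed to be the CA bundle next to stunnel.conf (the Windows installer ships one), and the `cert = stunnel.pem` lines are dropped because a client does not need its own certificate here.

```ini
; stunnel.conf, Windows (added example; ca-certs.pem path is an assumption)
client  = yes
output  = stunnel-log.txt
debug   = 7
taskbar = yes
; service-level options placed before the first section act as defaults:
; verify the Office 365 server certificate chain against the CA bundle
verifyChain = yes
CAfile      = ca-certs.pem

[POP3 Incoming]
; bind to loopback so the unencrypted POP3 side is reachable only locally
accept    = 127.0.0.1:110
connect   = outlook.office365.com:995
; reject a valid certificate issued for some other name
checkHost = outlook.office365.com

[SMTP Outgoing]
protocol  = smtp
accept    = 127.0.0.1:25
connect   = smtp.office365.com:587
checkHost = smtp.office365.com
```

With `debug = 7` the log file shows whether the TLS handshake to outlook.office365.com completes and whether the mail application ever connects to 127.0.0.1:110 at all; if the handshake succeeds but the application still fails, the remaining cause is on the POP3 level (credentials or the account's POP access), which stunnel's log will show as the server's `-ERR` reply only if the application logs it, since stunnel does not inspect the POP3 dialogue.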