On 2/7/06, <b class="gmail_sendername">Michal Trojnara</b> &lt;<a href="mailto:Michal.Trojnara@mobi-com.net">Michal.Trojnara@mobi-com.net</a>&gt; wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
sergei wrote:<br>&gt; Is there any way to make stunnel without &quot;client = yes&quot;<br>&gt; close connection &quot;normal way&quot; with FIN instead of RST ?<br><br>Stunnel resets connections for a reason.<br>Probably it was reset by the other peer.
<br>Check your stunnel log files for details.<br></blockquote></div><br>One reason I can think of is that load-balancer does not speak SSL and
just tries to monitor SSL-speaking stunnel by opening a tcp connection.
Its just like if you telnet to SSL-speaking end of stunnel and
immediately close connection. After receiving FIN from you - stunnel
will send RST back. Telnet does not care but this F5 BigIP does and
takes it as a failure nevermind tha it was actually able to open
connection. On the other hand, say, Apache with mod-ssl does not behave
like that.
<br><br><br>2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=4, (IN)-&gt;()<br>2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=6, (IN)-&gt;()<br>2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=7, (IN)-&gt;(IN)<br>2006.02.07

 11:03:15 LOG7[12097:1]: Context set: 135 (dropped) -&gt; 1<br>2006.02.07 11:03:15 LOG7[12097:1]: Current context: 1<br>2006.02.07 11:03:15 LOG7[12097:1]: Releasing context 135<br>2006.02.07 11:03:15 LOG7[12097:1]: a_service accepted FD=0 from load_balancer:61681
<br>2006.02.07 11:03:15 LOG7[12097:1]: Creating a new context<br>2006.02.07 11:03:15 LOG7[12097:1]: Context 136 created<br>2006.02.07 11:03:15 LOG7[12097:136]: Context swap: 1 -&gt; 136<br>2006.02.07 11:03:15 LOG7[12097:136]: a_service started
<br>2006.02.07 11:03:15 LOG7[12097:136]: FD 0 in non-blocking mode<br>2006.02.07 11:03:15 LOG5[12097:136]: a_service connected from load_balancer:61681<br>2006.02.07 11:03:15 LOG7[12097:136]: SSL state (accept): before/accept initialization
<br>2006.02.07 11:03:15 LOG3[12097:136]: SSL_accept: Peer suddenly disconnected<br>2006.02.07 11:03:15 LOG7[12097:136]: a_service finished (0 left)<br>2006.02.07 11:03:15 LOG5[12097:136]: stack_info: size=65536, current=4348 (6%), maximum=10472 (15%)
<br>2006.02.07 11:03:15 LOG7[12097:136]: Context 136 closed<br>2006.02.07 11:03:15 LOG7[12097:0]: Waiting -1 second(s) for 3 file descriptor(s)<br>2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=4, (IN)-&gt;()<br>2006.02.07

 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=6, (IN)-&gt;(IN)<br>2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=7, (IN)-&gt;()<br>2006.02.07 11:03:15 LOG7[12097:1]: Context set: 136 (dropped) -&gt; 1<br>2006.02.07 11:03:15 LOG7[12097:1]: Current context: 1
<br>2006.02.07 11:03:15 LOG7[12097:1]: Releasing context 136<br>2006.02.07 11:03:15 LOG7[12097:1]: snapws accepted FD=0 from load_balancer:61683<br>2006.02.07 11:03:15 LOG7[12097:1]: Creating a new context<br>2006.02.07 11:03:15 LOG7[12097:1]: Context 137 created
<br>2006.02.07 11:03:15 LOG7[12097:137]: Context swap: 1 -&gt; 137<br>2006.02.07 11:03:15 LOG7[12097:137]: snapws started<br>2006.02.07 11:03:15 LOG7[12097:137]: FD 0 in non-blocking mode<br>2006.02.07 11:03:15 LOG5[12097:137]: snapws connected from load_balancer:61683
<br>2006.02.07 11:03:15 LOG7[12097:137]: SSL state (accept): before/accept initialization<br>2006.02.07 11:03:15 LOG3[12097:137]: SSL_accept: Peer suddenly disconnected<br>2006.02.07 11:03:15 LOG7[12097:137]: snapws finished (0 left)
<br>2006.02.07 11:03:15 LOG5[12097:137]: stack_info: size=65536, current=4348 (6%), maximum=10472 (15%)<br>2006.02.07 11:03:15 LOG7[12097:137]: Context 137 closed<br>2006.02.07 11:03:15 LOG7[12097:0]: Waiting -1 second(s) for 3 file descriptor(s)
<br>