I am attempting to use stunnel to encrypt traffic between our backup client (Windows2008R2) and our NetApp filer, but I’m not having any luck.

We would like to use the stunnel to redirect the port 80 calls to the filer (ubfs2.buffalo.edu) to port 443.

By design, the backup client (IBM Tivoli/TSM V6.2.4) makes a call to the NetApp over the http.admin interface to tell it to create a snapshot.

The filer listens on https.admin (not http.admin), and we don’t want to turn on http.admin for security reasons.

I’ve included the stunnel.config file, hosts file, and the output below.

If anyone could give us a hand here it would be much appreciated.

We tested this config on a Mac laptop and it works just fine, so I would assume that it has something to do with Windows2008R2.

 

Stunnel.config

debug = 7
client = yes

[snapdiff]
accept = localhost:80
connect = 128.205.5.55:443
sslVersion = all

hosts

127.0.0.1       localhost ubfs2.buffalo.edu

output

 

7[1596:4336]: No limit detected for the number of clients

2012.01.27 15:16:30 LOG5[1596:4336]: stunnel 4.52 on x86-pc-mingw32-gnu platform

2012.01.27 15:16:30 LOG5[1596:4336]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012

2012.01.27 15:16:30 LOG5[1596:4336]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6

2012.01.27 15:16:30 LOG5[1596:4336]: Reading configuration from file stunnel.conf

2012.01.27 15:16:30 LOG5[1596:4336]: FIPS mode is enabled

2012.01.27 15:16:30 LOG7[1596:4336]: Compression not enabled

2012.01.27 15:16:30 LOG7[1596:4336]: Snagged 64 random bytes from C:/.rnd

2012.01.27 15:16:30 LOG7[1596:4336]: Wrote 1024 new random bytes to C:/.rnd

2012.01.27 15:16:30 LOG7[1596:4336]: PRNG seeded successfully

2012.01.27 15:16:31 LOG6[1596:4336]: Initializing SSL context for service snapdiff

2012.01.27 15:16:31 LOG7[1596:4336]: SSL options set: 0x00000004

2012.01.27 15:16:31 LOG6[1596:4336]: SSL context initialized

2012.01.27 15:16:31 LOG5[1596:4336]: Configuration successful

2012.01.27 15:16:31 LOG7[1596:4336]: Service snapdiff bound FD=396 to 127.0.0.1:80

2012.01.27 15:16:40 LOG7[1596:4336]: Service snapdiff accepted FD=452 from 127.0.0.1:51366

2012.01.27 15:16:40 LOG7[1596:4336]: Creating a new thread

2012.01.27 15:16:40 LOG7[1596:4336]: New thread created

2012.01.27 15:16:40 LOG7[1596:4336]: Service snapdiff accepted FD=460 from 127.0.0.1:51367

2012.01.27 15:16:40 LOG7[1596:4336]: Creating a new thread

2012.01.27 15:16:40 LOG7[1596:4336]: New thread created

2012.01.27 15:16:40 LOG7[1596:5080]: Service snapdiff started

2012.01.27 15:16:40 LOG5[1596:5080]: Service snapdiff accepted connection from 127.0.0.1:51366

2012.01.27 15:16:40 LOG6[1596:5080]: connect_blocking: connecting 128.205.5.55:443

2012.01.27 15:16:40 LOG7[1596:5080]: connect_blocking: s_poll_wait 128.205.5.55:443: waiting 10 seconds

2012.01.27 15:16:40 LOG7[1596:4720]: Service snapdiff started

2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff accepted connection from 127.0.0.1:51367

2012.01.27 15:16:40 LOG6[1596:4720]: connect_blocking: connecting 128.205.5.55:443

2012.01.27 15:16:40 LOG7[1596:4720]: connect_blocking: s_poll_wait 128.205.5.55:443: waiting 10 seconds

2012.01.27 15:16:40 LOG5[1596:4720]: connect_blocking: connected 128.205.5.55:443

2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff connected remote server from 128.205.4.234:51369

2012.01.27 15:16:40 LOG7[1596:4720]: Remote FD=508 initialized

2012.01.27 15:16:40 LOG3[1596:4720]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

2012.01.27 15:16:40 LOG5[1596:4720]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

2012.01.27 15:16:40 LOG7[1596:4720]: Service snapdiff finished (1 left)

2012.01.27 15:16:43 LOG5[1596:5080]: connect_blocking: connected 128.205.5.55:443

2012.01.27 15:16:43 LOG5[1596:5080]: Service snapdiff connected remote server from 128.205.4.234:51368

2012.01.27 15:16:43 LOG7[1596:5080]: Remote FD=480 initialized

2012.01.27 15:16:43 LOG3[1596:5080]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

2012.01.27 15:16:43 LOG5[1596:5080]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

2012.01.27 15:16:43 LOG7[1596:5080]: Service snapdiff finished (0 left)
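
An added example, not part of the original post: a small Python triage of the stunnel debug-log format shown above. It pulls out the startup settings that shape the TLS handshake (OpenSSL build, FIPS mode) and pairs each worker thread's TCP connect with its SSL_connect error, so a handshake rejection by the server can be told apart from a network failure. The function names and the embedded sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the log format shown in the post above.
SAMPLE_LOG = """\
2012.01.27 15:16:30 LOG5[1596:4336]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.27 15:16:30 LOG5[1596:4336]: FIPS mode is enabled
2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff accepted connection from 127.0.0.1:51367
2012.01.27 15:16:40 LOG5[1596:4720]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:40 LOG3[1596:4720]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:40 LOG5[1596:4720]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

# timestamp, LOG<level>[pid:thread]: message
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")

def triage(log_text):
    """Return (startup facts, per-thread connection records) from a stunnel debug log."""
    startup, conns = {}, defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or truncated line
        _ts, level, _pid, tid, msg = m.groups()
        if msg.startswith("Compiled/running with "):
            startup["openssl"] = msg[len("Compiled/running with "):]
        elif msg.startswith("FIPS mode is "):
            startup["fips"] = msg.endswith("enabled")
        elif " accepted connection from " in msg:
            conns[tid]["client"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("connect_blocking: connected "):
            conns[tid]["tcp_connected"] = msg.rsplit(" ", 1)[1]
        elif level == "3" and msg.startswith("SSL_connect: ") and "error:" in msg:
            # OpenSSL error string: error:<code>:<library>:<function>:<reason>
            parts = msg.split("error:", 1)[1].split(":", 3)
            if len(parts) == 4:
                conns[tid]["tls_error"] = {"function": parts[2], "reason": parts[3]}
    return startup, dict(conns)

def handshake_failures(log_text):
    """Connections where TCP to the remote succeeded but the TLS handshake did not."""
    _, conns = triage(log_text)
    return {t: c for t, c in conns.items() if "tcp_connected" in c and "tls_error" in c}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG)[0])
    print(handshake_failures(SAMPLE_LOG))
```

A result that lists a thread under `handshake_failures` means the remote end answered on the TCP port and then refused the TLS parameters offered, which points the investigation at protocol and cipher settings on both sides rather than at routing or firewalls.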