I'm running stunnel version 5.58 on Windows,
everything works perfectly besides that sometimes stunnel gets stuck for 30 seconds -
Nothing special in stunnel log, except for the 30 seconds delay:
2020.12.21 14:48:36 LOG6[8]: TLS connected: previous session reused
2020.12.21 14:48:36 LOG6[8]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2020.12.21 14:48:36 LOG6[8]: Peer temporary key: X25519, 253 bits
2020.12.21 14:48:36 LOG7[8]: Compression: null, expansion: null
2020.12.21 14:48:36 LOG6[8]: Session id: 8E62D0D8EB6359FEA7370E64AA7CC58EF9DB68059A5E01417E7038B773CE60D3
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:48:36 LOG7[8]: Initializing application specific data for session authenticated
2020.12.21 14:48:36 LOG7[8]: New session callback
2020.12.21 14:48:36 LOG7[8]: Deallocating application specific data for session connect address
2020.12.21 14:48:36 LOG6[8]: Session id: AF8ED185555C6734403C71B514A3F6B75F8484A5AC4EAE6058CFF4D35D929B36
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSLv3/TLS read server session ticket
30 sec delay 2020.12.21 14:49:06 LOG6[8]: Read socket closed (readsocket)
2020.12.21 14:49:06 LOG7[8]: Sending close_notify alert
2020.12.21 14:49:06 LOG7[8]: TLS alert (write): warning: close notify
2020.12.21 14:49:06 LOG6[8]: SSL_shutdown successfully sent close_notify alert
2020.12.21 14:49:06 LOG3[8]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2020.12.21 14:49:06 LOG7[8]: FD=4540 ifds=--x ofds=---
2020.12.21 14:49:06 LOG7[8]: FD=4792 ifds=r-x ofds=---
2020.12.21 14:49:06 LOG5[8]: Connection closed: 64 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.21 14:49:06 LOG7[8]: Remote descriptor (FD=4792) closed
2020.12.21 14:49:06 LOG7[8]: Local descriptor (FD=4540) closed
2020.12.21 14:49:06 LOG7[8]: Service [SLNP pem file] finished (0 left)
log example when stunnel doesn't get stuck: 2020.12.21 14:49:06 LOG6[9]: TLS connected: previous session reused
2020.12.21 14:49:06 LOG6[9]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2020.12.21 14:49:06 LOG6[9]: Peer temporary key: X25519, 253 bits
2020.12.21 14:49:06 LOG7[9]: Compression: null, expansion: null
2020.12.21 14:49:06 LOG6[9]: Session id: AF8ED185555C6734403C71B514A3F6B75F8484A5AC4EAE6058CFF4D35D929B36
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:49:06 LOG7[9]: Initializing application specific data for session authenticated
2020.12.21 14:49:06 LOG7[9]: New session callback
2020.12.21 14:49:06 LOG7[9]: Deallocating application specific data for session connect address
2020.12.21 14:49:06 LOG6[9]: Session id: 44E9010787EFDBC0FCA92724415AD30EF9EDB626D734D894061606C79CD26402
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSLv3/TLS read server session ticket
2020.12.21 14:49:06 LOG6[9]: Read socket closed (readsocket)
2020.12.21 14:49:06 LOG7[9]: Sending close_notify alert
2020.12.21 14:49:06 LOG7[9]: TLS alert (write): warning: close notify
2020.12.21 14:49:06 LOG6[9]: SSL_shutdown successfully sent close_notify alert
2020.12.21 14:49:06 LOG3[9]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2020.12.21 14:49:06 LOG7[9]: FD=2464 ifds=r-x ofds=---
2020.12.21 14:49:06 LOG7[9]: FD=2788 ifds=--x ofds=---
2020.12.21 14:49:06 LOG5[9]: Connection closed: 64 byte(s) sent to TLS, 108 byte(s) sent to socket
2020.12.21 14:49:06 LOG7[9]: Remote descriptor (FD=2464) closed
2020.12.21 14:49:06 LOG7[9]: Local descriptor (FD=2788) closed
2020.12.21 14:49:06 LOG7[9]: Service [SLNP pem file] finished (0 left)
My stunnel conf:
debug = 7
output = stunnel.log
fips = no
options = NO_SSLv2
[SLNP pem file]
key = SLNP_urmsand01_new.pem
cert = SLNP_urmsand01_new.pem
client = yes
accept = 8003
connect = host:6443
TIMEOUTbusy = 30
TIMEOUTclose = 0
TIMEOUTconnect = 60
TIMEOUTidle = 86400
With the old stunnel(5.14) it doesn’t happen.
Thanks,
Ditty.