[stunnel-users] stunnel closing connections with RST ?

Tue Feb 7 20:19:06 CET 2006

On 2/7/06, Michal Trojnara <Michal.Trojnara at mobi-com.net> wrote:
>
> sergei wrote:
> > Is there any way to make stunnel without "client = yes"
> > close connection "normal way" with FIN instead of RST ?
>
> Stunnel resets connections for a reason.
> Probably it was reset by the other peer.
> Check your stunnel log files for details.
>

One reason I can think of is that load-balancer does not speak SSL and just
tries to monitor SSL-speaking stunnel by opening a tcp connection. Its just
like if you telnet to SSL-speaking end of stunnel and immediately close
connection. After receiving FIN from you - stunnel will send RST back.
Telnet does not care but this F5 BigIP does and takes it as a failure
nevermind tha it was actually able to open connection. On the other hand,
say, Apache with mod-ssl does not behave like that.

2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=4, (IN)->()
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=6, (IN)->()
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=7, (IN)->(IN)
2006.02.07 11:03:15 LOG7[12097:1]: Context set: 135 (dropped) -> 1
2006.02.07 11:03:15 LOG7[12097:1]: Current context: 1
2006.02.07 11:03:15 LOG7[12097:1]: Releasing context 135
2006.02.07 11:03:15 LOG7[12097:1]: a_service accepted FD=0 from
load_balancer:61681
2006.02.07 11:03:15 LOG7[12097:1]: Creating a new context
2006.02.07 11:03:15 LOG7[12097:1]: Context 136 created
2006.02.07 11:03:15 LOG7[12097:136]: Context swap: 1 -> 136
2006.02.07 11:03:15 LOG7[12097:136]: a_service started
2006.02.07 11:03:15 LOG7[12097:136]: FD 0 in non-blocking mode
2006.02.07 11:03:15 LOG5[12097:136]: a_service connected from
load_balancer:61681
2006.02.07 11:03:15 LOG7[12097:136]: SSL state (accept): before/accept
initialization
2006.02.07 11:03:15 LOG3[12097:136]: SSL_accept: Peer suddenly disconnected
2006.02.07 11:03:15 LOG7[12097:136]: a_service finished (0 left)
2006.02.07 11:03:15 LOG5[12097:136]: stack_info: size=65536, current=4348
(6%), maximum=10472 (15%)
2006.02.07 11:03:15 LOG7[12097:136]: Context 136 closed
2006.02.07 11:03:15 LOG7[12097:0]: Waiting -1 second(s) for 3 file
descriptor(s)
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=4, (IN)->()
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=6, (IN)->(IN)
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=7, (IN)->()
2006.02.07 11:03:15 LOG7[12097:1]: Context set: 136 (dropped) -> 1
2006.02.07 11:03:15 LOG7[12097:1]: Current context: 1
2006.02.07 11:03:15 LOG7[12097:1]: Releasing context 136
2006.02.07 11:03:15 LOG7[12097:1]: snapws accepted FD=0 from
load_balancer:61683
2006.02.07 11:03:15 LOG7[12097:1]: Creating a new context
2006.02.07 11:03:15 LOG7[12097:1]: Context 137 created
2006.02.07 11:03:15 LOG7[12097:137]: Context swap: 1 -> 137
2006.02.07 11:03:15 LOG7[12097:137]: snapws started
2006.02.07 11:03:15 LOG7[12097:137]: FD 0 in non-blocking mode
2006.02.07 11:03:15 LOG5[12097:137]: snapws connected from
load_balancer:61683
2006.02.07 11:03:15 LOG7[12097:137]: SSL state (accept): before/accept
initialization
2006.02.07 11:03:15 LOG3[12097:137]: SSL_accept: Peer suddenly disconnected
2006.02.07 11:03:15 LOG7[12097:137]: snapws finished (0 left)
2006.02.07 11:03:15 LOG5[12097:137]: stack_info: size=65536, current=4348
(6%), maximum=10472 (15%)
2006.02.07 11:03:15 LOG7[12097:137]: Context 137 closed
2006.02.07 11:03:15 LOG7[12097:0]: Waiting -1 second(s) for 3 file
descriptor(s)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20060207/aa116fa2/attachment.html>