[stunnel-users] Windows 7 connection to HTTPS server

Daniel Pierce dpierce at xpertassist.com
Sat Jul 9 05:16:24 CEST 2011

stunnel user group,
Thanks Yucong Sun for your help.  I have changed the configuration file
values to the values that you recommended.  I didn't read the documentation
carefully enough.
accept = 3600
connect = partnerlogin.advancedmd.com:443
(stopped and started the windows service to get the new configuration)
I'm still not getting stunnel to provide the interface to the https web
I have a http client software which I have tried both GET and POST calls to
Every time the interface comes back with the error "The Connection to the
Server was Reset while the Page was Loading"
So I decided to try the page using a standard web browser (Firefox and IE)
thinking that my client software may have a problem.  
I opened the browser and entered the address
Got the same results.
So I changed the configuration to go to the same web site as gmail with the
following configuration.
accept = 3600
connect = mail.google.com:443
When I try to open the page with the browser to address
https://localhost:3600/mail/?hl=en&shva=1#inbox, I
get the same error message.
I started WIRESHARK on the network and filtered for packets coming from/to
my host computer.
When I enter https://localhost:3600/mail/?hl=en&shva=1#inbox on
the browser, the following details were captured by WIRESHARK.
Source  Destination  Protocol  Length  Info
                     TLSV1     107     Application Data Protocol: http
                     TCP       54      https [ACK] Seq=1 Ack=54 win=16181 Len=0
                     TLSV1     112     Application Data Protocol: http
                     TLSV1     81      Encrypted Alert
                     TCP       54      60089 > https [FIN, ACK] Seq=28 Ack=112 win=16167 Len=0
                     TCP       1484    [TCP segment of a reassembled PDU]
                     TLSv1     316     Application Data
                     TCP       60      https > 60089 [FIN, ACK] Seq=112 Ack=29 win=196 len=0
                     TCP       54      60089 > https [ACK] Seq=29 Ack=113 win=16167 Len=0
                     TCP       60      https > 60113 [ACK] Seq=1 Ack=1693 win=285 len=0
                     TLSV1     457     Application Data Protocol: http
                     TCP       54      60113 > https [ACK] Seq=1693 Ack=404 win=16445 Len=0
So the packets are being sent and returned, but the protocol is erroring
out for GOOGLE MAIL.
When I configure the service for the other https web server,
I get a similar exchange, but more reference to change cipher Spec. and http
RST for different ip address
Source  Destination  Protocol  Length  Info
                     TCP       66      60840 > https [SYN]
                     TCP       66      https > 60840 [SYN, ACK]
                     TCP       54      60840 > https [ACK]
                     TLSv1     451     client Hello
                     TCP       60      https > 60840 [ACK]
                     TLSv1     97      change cipher Spec, Encrypted Handshake Message
                     TLSv1     162     Application Data
                     TCP       60      https > 60840 [ACK]
                     TCP       54      60819 > http [RST, ACK]
STUNNEL LOG for partnerlogin.advancedmd.com:443  NO OBVIOUS ERRORS
2011.07.08 21:31:21 LOG7[4960:4568]: No limit detected for the number of
2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_socket#1: FD=144 allocated (blocking mode)
2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_socket#2: FD=148 allocated (blocking mode)
2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_accept: FD=152 allocated (non-blocking mode)
2011.07.08 21:31:21 LOG5[4960:4568]: stunnel 4.39 on x86-pc-mingw32-gnu
2011.07.08 21:31:21 LOG5[4960:4568]: Compiled/running with OpenSSL 1.0.0d 8 Feb 2011
2011.07.08 21:31:21 LOG5[4960:4568]: Threading:WIN32 SSL:ENGINE Auth:none
2011.07.08 21:31:21 LOG5[4960:4568]: Reading configuration from file
2011.07.08 21:31:21 LOG7[4960:4568]: Snagged 64 random bytes from C:/.rnd
2011.07.08 21:31:22 LOG7[4960:4568]: Wrote 1024 new random bytes to C:/.rnd
2011.07.08 21:31:22 LOG7[4960:4568]: PRNG seeded successfully
2011.07.08 21:31:22 LOG7[4960:4568]: Configuration SSL options: 0x01000000
2011.07.08 21:31:22 LOG7[4960:4568]: SSL options set: 0x01000004
2011.07.08 21:31:22 LOG7[4960:4568]: Certificate: stunnel.pem
2011.07.08 21:31:22 LOG7[4960:4568]: Certificate loaded
2011.07.08 21:31:22 LOG7[4960:4568]: Key file: stunnel.pem
2011.07.08 21:31:22 LOG7[4960:4568]: Private key loaded
2011.07.08 21:31:22 LOG7[4960:4568]: SSL context initialized for service
2011.07.08 21:31:22 LOG5[4960:4568]: Configuration successful
2011.07.08 21:31:22 LOG7[4960:4568]: accept socket: FD=144 allocated (non-blocking mode)
2011.07.08 21:31:22 LOG7[4960:4568]: Option SO_REUSEADDR set on accept
2011.07.08 21:31:22 LOG7[4960:4568]: Service http bound to
2011.07.08 21:31:22 LOG7[4960:4568]: Service http opened FD=144
Do I need to have the Public Key Certificate for the remote server installed
in stunnel for it to access the page?
I'm trying to find a simple configuration to prove out that the basic
stunnel application is working. Any suggestions?
Is there something basic that I'm missing?
If I send a GET request, I should get a response from the https server that
CONNECT is configured for.
Is there a compatibility issue between OpenSSL and https web server?
Thanks in advance for the help.
