[stunnel-users] Strange Stunnel crash (no errors, issues, anything)

Alfred Kernaghan alfakern at gmail.com
Fri May 17 01:14:43 CEST 2013

Hi all,

Don't want to be a nuisance and repost, but I'm really having an issue

As a test, I've tried stud (https://github.com/bumptech/stud), and apart
from the fact with the default combination the ciphers and security are
incorrect (BEAST/CRIME vulnerable), the issue doesn't seem to exhibit
itself at all.  Yet without fail every time I test it with stunnel on, it
hard crashes silently whilst going through the test.  I did this test as I
wanted to check if it was an issue with my build of stunnel, or something
further down the stack (openssl/libcrypto, etc), however this could be a
misnomer as there may be a corrupt library/dependency that stunnel is using
that stud doesn't.

I've confirmed that the packages are the same on both servers, the first
(former primary) crashes predictably, the second is perfectly fine.
 Running stunnel with debug logging (7) on returns nothing of note, just
shows the last connection.  And I also seem to not get anything useful
tracing the crash with strace.

Finally, I've tried downgrading stunnel, as well as trying a new build
(4.56), then finally rebooting the machine (hey, it should work...
right?!), but I'm still seeing the same behaviour.

Short of wiping the machine completely and re-installing, can anyone think
of anything else I can try?


On Thu, May 9, 2013 at 6:32 PM, Alfred Kernaghan <alfakern at gmail.com> wrote:

> Hi,
> Long time lurker, new poster though!
> I've got two servers running Stunnel v2.54 (yet to upgrade as I've been
> waiting for an x-forwardfor patch to become available).  I noticed recently
> that one Stunnel nodes had exited, requiring a restart.  I'm not sure if
> it's a co-incidence, but I've only just changed the cert on both installs
> last night.
> This, of course, is very concerning as it's only just become a problem,
> but being the core SSL endpoint, it knocks our server offline until it's
> restarted.
> Now comes the interesting bit, I've run the SSL Labs SSL Health check at
> https://www.ssllabs.com/ssltest/ just to see if anything comes out of it,
> and noticed that without fail every time it runs (and the first server is
> online) it'll know Stunnel offline as it goes through it's tests:
> *"Testing TLS v1.0...."
> "Testing TLS v1.2...."*
> This was noticed by a fluke, but appears to happen every time I restart
> and then rerun the test.
> I'm not getting any segfaults, or errors from stunnel, and it only affects
> the one (primary) server.  Can anyone shed any light as to what might be
> causing it, how I can get any more info out of stunnel, or better yet, fix
> it completely?
> Thanks all
> Alfie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130517/f4569f38/attachment.html>

More information about the stunnel-users mailing list