[stunnel-users] STunnel Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to socket

Graham Nayler (work) graham.nayler at hallmarq.net
Mon Oct 6 16:51:51 CEST 2014


Vivek,

"Problem is stunnel is receiving the data from Client but this data is not 
being forwarded to server"
No it is not. From the evidence provided by you: (Connection closed: 150 
byte(s) sent to SSL, 0 byte(s) sent to socket) the message has been passed 
on to the server, but it has responded by shutting down the link without 
returning any data. This is what was confirmed by Michal in his tests using 
"openssl s_client...." and "curl ....". I've also just tried acceessing that 
server from a browser and got "No data received".

Now it's possible/likely that neither Michal nor myself have sent the server 
anything that would return valid data, so there is other information you 
need to provide.
What are you sending to the server and what return to you expect? You need 
to post that (obviously something not commercially sensitive)
Do you have an application that IS receiving data from that server not using 
stunnel?
I see that trade.lmaxtrader.com responds with a login screen. Is the 
fix-md-ate url only available after some kind of login? Or do you need to 
provide it with a specific certificate to get an authorized response?

(The next two are highly unlikely, if this is part of LMAX which appears to 
be a sizeable organisation)
Do you have any control over how that server is implemented?
If the server is securing its end of the conversation with Stunnel, it's 
possible that there is a bug there: Stunnel 5.xx prior to 5.05 had a race 
condition bug whereby it may close the connection without returning data. 
That has now been fixed in 5.05...but it may be worth checking.

The problem is most likely something wrong with what you (and we) are 
sending, or you need to contact the owner of the server site. (I only looked 
at your problem because it has the same symptoms I had with the server-side 
bug, but it's not likely that this is your problem)

Graham


----- Original Message ----- 
From: "Vivek Gupta" <vivek at ltecindia.com>
To: "Michal Trojnara" <Michal.Trojnara at mirt.net>
Cc: <stunnel-users at stunnel.org>
Sent: Monday, October 06, 2014 1:33 PM
Subject: Re: [stunnel-users] STunnel Connection closed: 150 byte(s) sent to 
SSL, 0 byte(s) sent to socket


> Hi Michal
>
> Problem is stunnel is receiving the data from Client but this data is not
> being forwarded to server and then connection is closed. I am stuck in
> that.
>
> My config options is as follows:
>
> fips = yes
> cert = stunnel.pem
> key = stunnel.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> client = yes
> accept = 127.0.0.1:40003
> connect = fix-md-ate.lmaxtrader.com:443
>
> Thanks & Regards
> Vivek Gupta
> 9971514343
>
>
> On Mon, October 6, 2014 5:17 pm, Michal Trojnara wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> Hi Vivek,
>>
>>
>> I tried connecting fix-md-ate.lmaxtrader.com:443 with s_client:
>> $ openssl s_client -connect fix-md-ate.lmaxtrader.com:443 -tls1
>>
>>
>> The service behaves the same way as with stunnel: it negotiates TLS,
>> and then disconnects the TCP session without sending any data.  I cannot
>> see any stunnel error here.
>>
>> Another example:
>> $ curl -1 https://fix-md-ate.lmaxtrader.com
>> curl: (52) Empty reply from server
>>
>>
>> Mike
>>
>>
>> Vivek Gupta wrote:
>>
>>> Hi
>>>
>>>
>>> I am using sTunnel for communication betweem my TCP client and a
>>> remote SERVER but I am getting error as always-
>>>
>>> Signal pipe is empty Service [LMAX-fix-tunnel-DEMO-MktData]
>>> accepted (FD=348) from 127.0.0.1:55919 2014.10.06 :34:56 LOG7[4220]:
>>> Creating a new thread New thread created Service
>>> [LMAX-fix-tunnel-DEMO-MktData] started Service
>>> [LMAX-fix-tunnel-DEMO-MktData] accepted connection from
>>> 127.0.0.1:55919 s_connect: connecting 91.215.165.69:443 s_connect:
>>> s_poll_wait 91.215.165.69:443: waiting 10 seconds s_connect: connected
>>> 91.215.165.69:443 Service [LMAX-fix-tunnel-DEMO-MktData]
>>> connected remote server from 192.168.1.5:55920 Remote socket (FD=352)
>>> initialized SNI: sending servername: fix-md-ate.lmaxtrader.com SSL state
>>> (connect): before/connect
>>> initialization SSL state (connect): SSLv3 write client hello A SSL state
>>> (connect): SSLv3 read server hello A SSL state (connect):
>>> SSLv3 read server certificate A SSL state (connect): SSLv3 read
>>> server done A SSL state (connect): SSLv3 write client key exchange A SSL
>>> state (connect): SSLv3 write change cipher spec A SSL state (connect):
>>> SSLv3 write finished A SSL state (connect): SSLv3 flush
>>> data SSL state (connect): SSLv3 read finished A 1 items in the session
>>> cache 1 client connects (SSL_connect()) 1 client connects that finished
>>> 0 client renegotiations requested 0 server connects (SSL_accept()) 0
>>> server connects that finished 0 server renegotiations requested 0
>>> session cache hits 0 external session cache hits 0 session cache misses
>>> 0 session cache timeouts Peer certificate was cached (3944 bytes) SSL
>>> connected: new session
>>> negotiated Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit
>>> encryption) Compression: null, expansion: null SSL_read returned
>>> WANT_READ: retrying SSL socket closed (SSL_read) Sent socket write
>>> shutdown Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to
>>> socket Remote socket (FD=352) closed Local socket (FD=348) closed
>>> Service [LMAX-fix-tunnel-DEMO-MktData] finished (0 left)
>>>
>>>
>>> Please suggest. _______________________________________________
>>> stunnel-users mailing list stunnel-users at stunnel.org
>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>
>>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>>
>> iEYEARECAAYFAlQygVoACgkQ/NU+nXTHMtHRAQCeP6yfrYGrP4bBt1T2CnNR8lhK
>> abQAoKeGCx2RqhefgIoVDdrInjK6TxUx =MHiJ
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> stunnel-users mailing list stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 




More information about the stunnel-users mailing list