[stunnel-users] STunnel Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to socket

Vivek Gupta vivek at ltecindia.com
Tue Oct 7 07:17:10 CEST 2014


Hi

Server's response of closing the connection is solved by mentioning CAfile
= C:\Program Files (x86)\stunnel\peer-LMAX-fix-tunnel-DEMO-MktData.pem in
conf file but now I am getting "CERT: Verification error: unable to get
local issuer certificate" error.

Please suggest how to solve it.

Thanks&Regards
Vivek Gupta
9971514343

On Mon, October 6, 2014 8:21 pm, Graham Nayler (work) wrote:
> Vivek,
>
>
> "Problem is stunnel is receiving the data from Client but this data is
> not being forwarded to server" No it is not. From the evidence provided by
> you: (Connection closed: 150
> byte(s) sent to SSL, 0 byte(s) sent to socket) the message has been passed
>  on to the server, but it has responded by shutting down the link without
>  returning any data. This is what was confirmed by Michal in his tests
> using "openssl s_client...." and "curl ....". I've also just tried
> accessing that server from a browser and got "No data received".
>
> Now it's possible/likely that neither Michal nor myself have sent the
> server anything that would return valid data, so there is other
> information you need to provide. What are you sending to the server and
> what return do you expect? You need to post that (obviously something not
> commercially sensitive). Do you have an application that IS receiving data
> from that server not using stunnel? I see that trade.lmaxtrader.com
> responds with a login screen. Is the fix-md-ate url only available after
> some kind of login? Or do you need to provide it with a specific
> certificate to get an authorized response?
>
> (The next two are highly unlikely, if this is part of LMAX which appears
> to be a sizeable organisation) Do you have any control over how that server
> is implemented? If the server is securing its end of the conversation with
> Stunnel, it's
> possible that there is a bug there: Stunnel 5.xx prior to 5.05 had a race
> condition bug whereby it may close the connection without returning data.
>  That has now been fixed in 5.05...but it may be worth checking.
>
>
> The problem is most likely something wrong with what you (and we) are
> sending, or you need to contact the owner of the server site. (I only
> looked at your problem because it has the same symptoms I had with the
> server-side bug, but it's not likely that this is your problem)
>
> Graham
>
>
>
> ----- Original Message -----
> From: "Vivek Gupta" <vivek at ltecindia.com>
> To: "Michal Trojnara" <Michal.Trojnara at mirt.net>
> Cc: <stunnel-users at stunnel.org>
> Sent: Monday, October 06, 2014 1:33 PM
> Subject: Re: [stunnel-users] STunnel Connection closed: 150 byte(s) sent
> to SSL, 0 byte(s) sent to socket
>
>
>
>> Hi Michal
>>
>>
>> Problem is stunnel is receiving the data from Client but this data is
>> not being forwarded to server and then connection is closed. I am stuck
>> in that.
>>
>> My config options is as follows:
>>
>>
>> fips = yes
>> cert = stunnel.pem
>> key = stunnel.pem
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>> client = yes
>> accept = 127.0.0.1:40003
>> connect = fix-md-ate.lmaxtrader.com:443
>>
>>
>> Thanks & Regards
>> Vivek Gupta
>> 9971514343
>>
>>
>>
>> On Mon, October 6, 2014 5:17 pm, Michal Trojnara wrote:
>>
>>>
>>>
>>>
>>> Hi Vivek,
>>>
>>>
>>>
>>> I tried connecting fix-md-ate.lmaxtrader.com:443 with s_client:
>>> $ openssl s_client -connect fix-md-ate.lmaxtrader.com:443 -tls1
>>>
>>>
>>>
>>> The service behaves the same way as with stunnel: it negotiates TLS,
>>> and then disconnects the TCP session without sending any data.  I
>>> cannot see any stunnel error here.
>>>
>>> Another example:
>>> $ curl -1 https://fix-md-ate.lmaxtrader.com
>>> curl: (52) Empty reply from server
>>>
>>>
>>>
>>> Mike
>>>
>>>
>>>
>>> Vivek Gupta wrote:
>>>
>>>
>>>> Hi
>>>>
>>>>
>>>>
>>>> I am using sTunnel for communication between my TCP client and a
>>>> remote SERVER but I am getting error as always-
>>>>
>>>> Signal pipe is empty
>>>> Service [LMAX-fix-tunnel-DEMO-MktData] accepted (FD=348) from 127.0.0.1:55919
>>>> 2014.10.06 :34:56 LOG7[4220]: Creating a new thread
>>>> New thread created
>>>> Service [LMAX-fix-tunnel-DEMO-MktData] started
>>>> Service [LMAX-fix-tunnel-DEMO-MktData] accepted connection from 127.0.0.1:55919
>>>> s_connect: connecting 91.215.165.69:443
>>>> s_connect: s_poll_wait 91.215.165.69:443: waiting 10 seconds
>>>> s_connect: connected 91.215.165.69:443
>>>> Service [LMAX-fix-tunnel-DEMO-MktData] connected remote server from 192.168.1.5:55920
>>>> Remote socket (FD=352) initialized
>>>> SNI: sending servername: fix-md-ate.lmaxtrader.com
>>>> SSL state (connect): before/connect initialization
>>>> SSL state (connect): SSLv3 write client hello A
>>>> SSL state (connect): SSLv3 read server hello A
>>>> SSL state (connect): SSLv3 read server certificate A
>>>> SSL state (connect): SSLv3 read server done A
>>>> SSL state (connect): SSLv3 write client key exchange A
>>>> SSL state (connect): SSLv3 write change cipher spec A
>>>> SSL state (connect): SSLv3 write finished A
>>>> SSL state (connect): SSLv3 flush data
>>>> SSL state (connect): SSLv3 read finished A
>>>> 1 items in the session cache
>>>> 1 client connects (SSL_connect())
>>>> 1 client connects that finished
>>>> 0 client renegotiations requested
>>>> 0 server connects (SSL_accept())
>>>> 0 server connects that finished
>>>> 0 server renegotiations requested
>>>> 0 session cache hits
>>>> 0 external session cache hits
>>>> 0 session cache misses
>>>> 0 session cache timeouts
>>>> Peer certificate was cached (3944 bytes)
>>>> SSL connected: new session negotiated
>>>> Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit encryption)
>>>> Compression: null, expansion: null
>>>> SSL_read returned WANT_READ: retrying
>>>> SSL socket closed (SSL_read)
>>>> Sent socket write shutdown
>>>> Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to socket
>>>> Remote socket (FD=352) closed
>>>> Local socket (FD=348) closed
>>>> Service [LMAX-fix-tunnel-DEMO-MktData] finished (0 left)
>>>>
>>>>
>>>>
>>>> Please suggest.
>>>> _______________________________________________
>>>> stunnel-users mailing list
>>>> stunnel-users at stunnel.org
>>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
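
Added example, not part of the original thread: assuming the .pem file given to CAfile holds only the server's own (leaf) certificate, this script reproduces the "unable to get local issuer certificate" verdict from OpenSSL with constructed certificates and shows it clearing once the issuing CA certificate is the trust anchor. The names demo-root and demo-server.example and the helper functions are made up for the illustration.

```shell
#!/bin/sh
# Added example with constructed certificates; demo-root and
# demo-server.example are made-up names, not values from the thread.

make_demo_pki() {   # $1 = existing work directory
    pki=$1
    # Self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo-root" \
        -keyout "$pki/root.key" -out "$pki/root.pem" 2>/dev/null
    # Server (leaf) key and signing request
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-server.example" \
        -keyout "$pki/leaf.key" -out "$pki/leaf.csr" 2>/dev/null
    # Leaf certificate issued by the root
    openssl x509 -req -in "$pki/leaf.csr" -CA "$pki/root.pem" \
        -CAkey "$pki/root.key" -CAcreateserial -days 2 \
        -out "$pki/leaf.pem" 2>/dev/null
}

cert_kind() {       # $1 = PEM file; compares subject and issuer name hashes
    s=$(openssl x509 -noout -subject_hash -in "$1")
    i=$(openssl x509 -noout -issuer_hash -in "$1")
    if [ "$s" = "$i" ]; then echo self-signed; else echo issued-by-other; fi
}

diagnose() {        # $1 = file used as CAfile, $2 = certificate to verify
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *"unable to get local issuer certificate"*) echo missing-issuer ;;
        *": OK"*) echo ok ;;
        *) echo other ;;
    esac
}

work=$(mktemp -d)
make_demo_pki "$work"
echo "leaf.pem is:            $(cert_kind "$work/leaf.pem")"
echo "CAfile = leaf.pem only: $(diagnose "$work/leaf.pem" "$work/leaf.pem")"
echo "CAfile = root.pem:      $(diagnose "$work/root.pem" "$work/leaf.pem")"
rm -rf "$work"
```

Running cert_kind on the file named in CAfile shows whether it is a leaf issued by another CA; if it is, chain verification needs that issuer's certificate in the CAfile as well.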



