[stunnel-users] TLSv1 - Linux vs Windows ?

Brian Ipsen brian.ipsen at ryesgade47c.dk
Tue Feb 10 19:02:52 CET 2015


Hi

I have a strange issue with stunnel 5.09, which connects to an F5 load balancer/SSL-offloading engine. In my config, I specify that the protocol must be TLSv1 - from Linux, I can connect - but it does not work from Windows.


Linux log:

2015.02.10 15:58:29 LOG7[22779]: Service [rb20] accepted (FD=3) from 127.0.0.1:33247
2015.02.10 15:58:29 LOG7[22887]: Service [rb20] started
2015.02.10 15:58:29 LOG5[22887]: Service [rb20] accepted connection from 127.0.0.1:33247
2015.02.10 15:58:29 LOG6[22887]: s_connect: connecting A.B.C.D:443
2015.02.10 15:58:29 LOG7[22887]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 15:58:29 LOG5[22887]: s_connect: connected A.B.C.D:443
2015.02.10 15:58:29 LOG5[22887]: Service [rb20] connected remote server from 10.11.12.101:33477
2015.02.10 15:58:29 LOG7[22887]: Remote socket (FD=11) initialized
2015.02.10 15:58:29 LOG6[22887]: SNI: sending servername: host.domain.com
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): before/connect initialization
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write client hello A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read server hello A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read finished A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write change cipher spec A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write finished A
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 flush data
2015.02.10 15:58:29 LOG7[22887]:    1 items in the session cache
2015.02.10 15:58:29 LOG7[22887]:    5 client connects (SSL_connect())
2015.02.10 15:58:29 LOG7[22887]:    5 client connects that finished
2015.02.10 15:58:29 LOG7[22887]:    0 client renegotiations requested
2015.02.10 15:58:29 LOG7[22887]:    0 server connects (SSL_accept())
2015.02.10 15:58:29 LOG7[22887]:    0 server connects that finished
2015.02.10 15:58:29 LOG7[22887]:    0 server renegotiations requested
2015.02.10 15:58:29 LOG7[22887]:    4 session cache hits
2015.02.10 15:58:29 LOG7[22887]:    0 external session cache hits
2015.02.10 15:58:29 LOG7[22887]:    0 session cache misses
2015.02.10 15:58:29 LOG7[22887]:    0 session cache timeouts
2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused
2015.02.10 15:58:29 LOG7[22779]: Service [rb20] accepted (FD=12) from 127.0.0.1:33249
2015.02.10 15:58:29 LOG6[22887]: Read socket closed (read hangup)
2015.02.10 15:58:29 LOG7[22887]: Sending close_notify alert
2015.02.10 15:58:29 LOG7[22887]: SSL alert (write): warning: close notify
2015.02.10 15:58:29 LOG6[22887]: SSL_shutdown successfully sent close_notify alert
2015.02.10 15:58:29 LOG7[22888]: Service [rb20] started
2015.02.10 15:58:29 LOG5[22888]: Service [rb20] accepted connection from 127.0.0.1:33249
2015.02.10 15:58:29 LOG6[22888]: s_connect: connecting A.B.C.D:443
2015.02.10 15:58:29 LOG7[22888]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 15:58:29 LOG5[22888]: s_connect: connected A.B.C.D:443
2015.02.10 15:58:29 LOG5[22888]: Service [rb20] connected remote server from 10.11.12.101:33479
2015.02.10 15:58:29 LOG7[22888]: Remote socket (FD=13) initialized
2015.02.10 15:58:29 LOG6[22888]: SNI: sending servername: ssl39.dmsave.com
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): before/connect initialization
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write client hello A
2015.02.10 15:58:29 LOG6[22887]: SSL socket closed (SSL_read)
2015.02.10 15:58:29 LOG7[22887]: Sent socket write shutdown
2015.02.10 15:58:29 LOG5[22887]: Connection closed: 136 byte(s) sent to SSL, 52 byte(s) sent to socket
2015.02.10 15:58:29 LOG7[22887]: Remote socket (FD=11) closed
2015.02.10 15:58:29 LOG7[22887]: Local socket (FD=3) closed
2015.02.10 15:58:29 LOG7[22887]: Service [rb20] finished (1 left)
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 read server hello A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 read finished A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write change cipher spec A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write finished A
2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 flush data
2015.02.10 15:58:29 LOG7[22888]:    1 items in the session cache
2015.02.10 15:58:29 LOG7[22888]:    6 client connects (SSL_connect())
2015.02.10 15:58:29 LOG7[22888]:    6 client connects that finished
2015.02.10 15:58:29 LOG7[22888]:    0 client renegotiations requested
2015.02.10 15:58:29 LOG7[22888]:    0 server connects (SSL_accept())
2015.02.10 15:58:29 LOG7[22888]:    0 server connects that finished
2015.02.10 15:58:29 LOG7[22888]:    0 server renegotiations requested
2015.02.10 15:58:29 LOG7[22888]:    5 session cache hits
2015.02.10 15:58:29 LOG7[22888]:    0 external session cache hits
2015.02.10 15:58:29 LOG7[22888]:    0 session cache misses
2015.02.10 15:58:29 LOG7[22888]:    0 session cache timeouts
2015.02.10 15:58:29 LOG6[22888]: SSL connected: previous session reused


Windows log:

2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1128) from 127.0.0.1:50353
2015.02.10 16:07:36 LOG7[9528]: Creating a new thread
2015.02.10 16:07:36 LOG7[9528]: New thread created
2015.02.10 16:07:36 LOG7[7056]: Service [rb20] started
2015.02.10 16:07:36 LOG5[7056]: Service [rb20] accepted connection from 127.0.0.1:50353
2015.02.10 16:07:36 LOG6[7056]: s_connect: connecting A.B.C.D:443
2015.02.10 16:07:36 LOG7[7056]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 16:07:36 LOG5[7056]: s_connect: connected A.B.C.D:443
2015.02.10 16:07:36 LOG5[7056]: Service [rb20] connected remote server from 192.168.225.103:50354
2015.02.10 16:07:36 LOG7[7056]: Remote socket (FD=1124) initialized
2015.02.10 16:07:36 LOG6[7056]: SNI: sending servername: host.domain.com
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): before/connect initialization
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server hello A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server certificate A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server done A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client key exchange A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write change cipher spec A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write finished A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 flush data
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read finished A
2015.02.10 16:07:36 LOG7[7056]:    1 items in the session cache
2015.02.10 16:07:36 LOG7[7056]:    1 client connects (SSL_connect())
2015.02.10 16:07:36 LOG7[7056]:    1 client connects that finished
2015.02.10 16:07:36 LOG7[7056]:    0 client renegotiations requested
2015.02.10 16:07:36 LOG7[7056]:    0 server connects (SSL_accept())
2015.02.10 16:07:36 LOG7[7056]:    0 server connects that finished
2015.02.10 16:07:36 LOG7[7056]:    0 server renegotiations requested
2015.02.10 16:07:36 LOG7[7056]:    0 session cache hits
2015.02.10 16:07:36 LOG7[7056]:    0 external session cache hits
2015.02.10 16:07:36 LOG7[7056]:    0 session cache misses
2015.02.10 16:07:36 LOG7[7056]:    0 session cache timeouts
2015.02.10 16:07:36 LOG7[7056]: Peer certificate was cached (1521 bytes)
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated
2015.02.10 16:07:36 LOG6[7056]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
2015.02.10 16:07:36 LOG7[7056]: Compression: null, expansion: null
2015.02.10 16:07:36 LOG6[7056]: Read socket closed (readsocket)
2015.02.10 16:07:36 LOG7[7056]: Sending close_notify alert
2015.02.10 16:07:36 LOG7[7056]: SSL alert (write): warning: close notify
2015.02.10 16:07:36 LOG6[7056]: SSL_shutdown successfully sent close_notify alert
2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1132) from 127.0.0.1:50355
2015.02.10 16:07:36 LOG7[9528]: Creating a new thread
2015.02.10 16:07:36 LOG7[9528]: New thread created
2015.02.10 16:07:36 LOG7[2164]: Service [rb20] started
2015.02.10 16:07:36 LOG5[2164]: Service [rb20] accepted connection from 127.0.0.1:50355
2015.02.10 16:07:36 LOG6[2164]: s_connect: connecting A.B.C.D:443
2015.02.10 16:07:36 LOG7[2164]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds
2015.02.10 16:07:36 LOG5[2164]: s_connect: connected A.B.C.D:443
2015.02.10 16:07:36 LOG5[2164]: Service [rb20] connected remote server from 192.168.225.103:50356
2015.02.10 16:07:36 LOG7[2164]: Remote socket (FD=1152) initialized
2015.02.10 16:07:36 LOG6[2164]: SNI: sending servername: host.domain.com
2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): before/connect initialization
2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG6[7056]: SSL socket closed (SSL_read)
2015.02.10 16:07:36 LOG7[7056]: Sent socket write shutdown
2015.02.10 16:07:36 LOG5[7056]: Connection closed: 89 byte(s) sent to SSL, 52 byte(s) sent to socket
2015.02.10 16:07:36 LOG7[7056]: Remote socket (FD=1124) closed
2015.02.10 16:07:36 LOG7[7056]: Local socket (FD=1128) closed
2015.02.10 16:07:36 LOG7[7056]: Service [rb20] finished (1 left)


The main difference I can see is that on Linux I get:

2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused

Whereas Windows gives me:

2015.02.10 16:07:36 LOG7[7056]: Peer certificate was cached (1521 bytes)
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated

Any idea why this happens? The final result is that connections are possible from Linux - but not Windows - and this is a problem for me...

Regards
/Brian
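
Added example, not part of the original post: a small Python parser for the stunnel debug-log format shown above. It separates the interleaved threads and reports, per thread/process ID, whether the handshake was resumed or full, along with the negotiated ciphersuite and the byte counts at close. The sample lines are copied from the two logs in the post; the function name `summarize` and the assumption of one connection per ID are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the Windows (7056, 2164) and Linux (22887) logs
# in the post; they are combined here only to exercise every branch.
SAMPLE = """\
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server certificate A
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated
2015.02.10 16:07:36 LOG6[7056]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG5[7056]: Connection closed: 89 byte(s) sent to SSL, 52 byte(s) sent to socket
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write client hello A
2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused
2015.02.10 15:58:29 LOG5[22887]: Connection closed: 136 byte(s) sent to SSL, 52 byte(s) sent to socket
"""

LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+)\]: (.*)$")
CIPHER = re.compile(r"Negotiated (\S+) ciphersuite (\S+)")
CLOSED = re.compile(
    r"Connection closed: (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")


def summarize(log_text):
    """Return {thread_id: summary}; assumes one connection per thread/process ID."""
    conns = defaultdict(lambda: {"handshake": "none", "protocol": None,
                                 "cipher": None, "to_ssl": None, "to_socket": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a stunnel log line
        c, msg = conns[m.group(1)], m.group(2)
        if msg.endswith("write client hello A"):
            c["handshake"] = "incomplete"  # ClientHello sent, outcome not yet logged
        elif msg == "SSL connected: previous session reused":
            c["handshake"] = "resumed"     # abbreviated handshake
        elif msg == "SSL connected: new session negotiated":
            c["handshake"] = "full"        # certificate and key exchange performed
        elif (m2 := CIPHER.search(msg)):
            c["protocol"], c["cipher"] = m2.groups()
        elif (m2 := CLOSED.search(msg)):
            c["to_ssl"], c["to_socket"] = map(int, m2.groups())
    return dict(conns)


if __name__ == "__main__":
    for tid, info in summarize(SAMPLE).items():
        print(tid, info)
```

Run over both complete logs, this puts each thread's handshake type and byte counts side by side, which makes the Linux and Windows connections easier to compare than the interleaved output.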
