[stunnel-users] stunnel and MSIE

Brugman, Matt matt.brugman at pdqinc.com
Thu May 12 15:57:29 CEST 2016


I've compiled stunnel for Windows CE 5.0 and 6.0, and am running it on an ARM device.  It is being used in client mode to secure communications to various external servers with not problems.  It is also being used to secure Windows CE's webserver.

All of the client mode connections are working flawlessly (thanks for the awesome work, by the way!).  The webserver is working properly for all browsers except MSIE 11.  Everything I've seen tells me that the problem is not really with stunnel or openssl, but with Internet Explorer.  I've spent some time searching the mailing list archives and on Google, but haven't really found a solution to this, besides the obvious "well, don't use IE."  I'd love to go with the answer, but some of our users are locked into IE, and let's must make it a given that the choice of browser can't be changed.

The browser connects, negotiates a connection, and then exchanges keys and certificates.  Using the debug console in IE I see that it sends the initial "GET /".  Then the browser sees the response header, but no "body" data.  Again, I realize this isn't a specific stunnel issue, but I'm hoping someone on the list has seen a similar issue and found a resolution.

I've stripped stunnel.conf down to the very basics (some paths removed for clarity):

; Stunnel config for device
debug = 7
output = <path removed>stunnel.log
options = -NO_SSLv3
log = overwrite

;*********  SERVICES ***********

[https-server]
client = no
accept = 443
connect = 127.0.0.1:9975
cert = <path removed>stunnel.pem
delay = yes
TIMEOUTbusy = 5
TIMEOUTclose = 0
TIMEOUTidle = 30

Stunnel log output.  I do see the "Peer suddenly disconnected" messages, but again; I'm not sure why.  The last two lines of the log are the "transfer() loop executes not transferring any data":

3916.06.12 08:21:19 LOG7[ui]: Service [https-server] accepted (FD=9) from 192.168.55.77:12377
3916.06.12 08:21:19 LOG7[ui]: Creating a new thread
3916.06.12 08:21:19 LOG7[ui]: New thread created
3916.06.12 08:21:19 LOG7[0]: Service [https-server] started
3916.06.12 08:21:19 LOG5[0]: Service [https-server] accepted connection from 192.168.55.77:12377
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): before/accept initialization
3916.06.12 08:21:19 LOG7[0]: SNI: no virtual services defined
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write certificate A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write key exchange A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 write server done A
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:19 LOG7[0]: SSL state (accept): SSLv3 read client certificate A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 read client key exchange A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 read certificate verify A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:20 LOG7[0]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:20 LOG7[0]: New session callback
3916.06.12 08:21:20 LOG7[0]:      1 server accept(s) requested
3916.06.12 08:21:20 LOG7[0]:      1 server accept(s) succeeded
3916.06.12 08:21:20 LOG7[0]:      0 server renegotiation(s) requested
3916.06.12 08:21:20 LOG7[0]:      0 session reuse(s)
3916.06.12 08:21:20 LOG7[0]:      0 internal session cache item(s)
3916.06.12 08:21:20 LOG7[0]:      0 internal session cache fill-up(s)
3916.06.12 08:21:20 LOG7[0]:      0 internal session cache miss(es)
3916.06.12 08:21:20 LOG7[0]:      0 external session cache hit(s)
3916.06.12 08:21:20 LOG7[0]:      0 expired session(s) retrieved
3916.06.12 08:21:20 LOG6[0]: SSL accepted: new session negotiated
3916.06.12 08:21:20 LOG6[0]: No peer certificate received
3916.06.12 08:21:20 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption)
3916.06.12 08:21:20 LOG7[0]: Compression: null, expansion: null
3916.06.12 08:21:20 LOG6[0]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:20 LOG6[0]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:20 LOG6[0]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:20 LOG5[0]: Service [https-server] connected remote server from 127.0.0.1:49277
3916.06.12 08:21:20 LOG7[0]: Remote descriptor (FD=11) initialized
3916.06.12 08:21:20 LOG6[0]: SSL socket closed (SSL_read)
3916.06.12 08:21:20 LOG7[0]: Sent socket write shutdown
3916.06.12 08:21:20 LOG5[0]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
3916.06.12 08:21:20 LOG7[0]: Remote descriptor (FD=11) closed
3916.06.12 08:21:20 LOG7[0]: Local descriptor (FD=9) closed
3916.06.12 08:21:20 LOG7[0]: Service [https-server] finished (0 left)
3916.06.12 08:21:22 LOG7[ui]: Found 1 ready file descriptor(s)
3916.06.12 08:21:22 LOG7[ui]: FD=5 ifds=r-x ofds=---
3916.06.12 08:21:22 LOG7[ui]: Service [https-server] accepted (FD=13) from 192.168.55.77:30351
3916.06.12 08:21:22 LOG7[ui]: Creating a new thread
3916.06.12 08:21:22 LOG7[ui]: New thread created
3916.06.12 08:21:22 LOG7[1]: Service [https-server] started
3916.06.12 08:21:22 LOG5[1]: Service [https-server] accepted connection from 192.168.55.77:30351
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): before/accept initialization
3916.06.12 08:21:22 LOG7[1]: SNI: no virtual services defined
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:22 LOG7[1]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:22 LOG7[1]:      2 server accept(s) requested
3916.06.12 08:21:22 LOG7[1]:      2 server accept(s) succeeded
3916.06.12 08:21:22 LOG7[1]:      0 server renegotiation(s) requested
3916.06.12 08:21:22 LOG7[1]:      1 session reuse(s)
3916.06.12 08:21:22 LOG7[1]:      1 internal session cache item(s)
3916.06.12 08:21:22 LOG7[1]:      0 internal session cache fill-up(s)
3916.06.12 08:21:22 LOG7[1]:      0 internal session cache miss(es)
3916.06.12 08:21:22 LOG7[1]:      0 external session cache hit(s)
3916.06.12 08:21:22 LOG7[1]:      0 expired session(s) retrieved
3916.06.12 08:21:22 LOG6[1]: SSL accepted: previous session reused
3916.06.12 08:21:22 LOG6[1]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[1]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[1]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:22 LOG5[1]: Service [https-server] connected remote server from 127.0.0.1:49278
3916.06.12 08:21:22 LOG7[1]: Remote descriptor (FD=15) initialized
3916.06.12 08:21:22 LOG6[1]: SSL socket closed (SSL_read)
3916.06.12 08:21:22 LOG7[1]: Sent socket write shutdown
3916.06.12 08:21:22 LOG5[1]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
3916.06.12 08:21:22 LOG7[1]: Remote descriptor (FD=15) closed
3916.06.12 08:21:22 LOG7[1]: Local descriptor (FD=13) closed
3916.06.12 08:21:22 LOG7[1]: Service [https-server] finished (0 left)
3916.06.12 08:21:22 LOG7[ui]: Found 1 ready file descriptor(s)
3916.06.12 08:21:22 LOG7[ui]: FD=5 ifds=r-x ofds=---
3916.06.12 08:21:22 LOG7[ui]: Service [https-server] accepted (FD=17) from 192.168.55.77:30352
3916.06.12 08:21:22 LOG7[ui]: Creating a new thread
3916.06.12 08:21:22 LOG7[ui]: New thread created
3916.06.12 08:21:22 LOG7[2]: Service [https-server] started
3916.06.12 08:21:22 LOG5[2]: Service [https-server] accepted connection from 192.168.55.77:30352
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): before/accept initialization
3916.06.12 08:21:22 LOG7[2]: SNI: no virtual services defined
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:22 LOG7[2]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:22 LOG7[2]:      3 server accept(s) requested
3916.06.12 08:21:22 LOG7[2]:      3 server accept(s) succeeded
3916.06.12 08:21:22 LOG7[2]:      0 server renegotiation(s) requested
3916.06.12 08:21:22 LOG7[2]:      2 session reuse(s)
3916.06.12 08:21:22 LOG7[2]:      1 internal session cache item(s)
3916.06.12 08:21:22 LOG7[2]:      0 internal session cache fill-up(s)
3916.06.12 08:21:22 LOG7[2]:      0 internal session cache miss(es)
3916.06.12 08:21:22 LOG7[2]:      0 external session cache hit(s)
3916.06.12 08:21:22 LOG7[2]:      0 expired session(s) retrieved
3916.06.12 08:21:22 LOG6[2]: SSL accepted: previous session reused
3916.06.12 08:21:22 LOG6[2]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[2]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:22 LOG6[2]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:22 LOG5[2]: Service [https-server] connected remote server from 127.0.0.1:49279
3916.06.12 08:21:22 LOG7[2]: Remote descriptor (FD=19) initialized
3916.06.12 08:21:22 LOG3[2]: SSL socket closed (SSL_read) with 10137 unsent byte(s)
3916.06.12 08:21:22 LOG5[2]: Connection reset: 239 byte(s) sent to SSL, 553 byte(s) sent to socket
3916.06.12 08:21:22 LOG7[2]: Remote descriptor (FD=19) closed
3916.06.12 08:21:22 LOG7[2]: Local descriptor (FD=17) closed
3916.06.12 08:21:22 LOG7[2]: Service [https-server] finished (0 left)
3916.06.12 08:21:23 LOG7[ui]: Found 1 ready file descriptor(s)
3916.06.12 08:21:23 LOG7[ui]: FD=5 ifds=r-x ofds=---
3916.06.12 08:21:23 LOG7[ui]: Service [https-server] accepted (FD=21) from 192.168.55.77:30353
3916.06.12 08:21:23 LOG7[ui]: Creating a new thread
3916.06.12 08:21:23 LOG7[ui]: New thread created
3916.06.12 08:21:23 LOG7[3]: Service [https-server] started
3916.06.12 08:21:23 LOG5[3]: Service [https-server] accepted connection from 192.168.55.77:30353
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): before/accept initialization
3916.06.12 08:21:23 LOG7[3]: SNI: no virtual services defined
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 read client hello A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 write server hello A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 write change cipher spec A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 write finished A
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 flush data
3916.06.12 08:21:23 LOG7[3]: SSL state (accept): SSLv3 read finished A
3916.06.12 08:21:23 LOG7[3]:      4 server accept(s) requested
3916.06.12 08:21:23 LOG7[3]:      4 server accept(s) succeeded
3916.06.12 08:21:23 LOG7[3]:      0 server renegotiation(s) requested
3916.06.12 08:21:23 LOG7[3]:      3 session reuse(s)
3916.06.12 08:21:23 LOG7[3]:      1 internal session cache item(s)
3916.06.12 08:21:23 LOG7[3]:      0 internal session cache fill-up(s)
3916.06.12 08:21:23 LOG7[3]:      0 internal session cache miss(es)
3916.06.12 08:21:23 LOG7[3]:      0 external session cache hit(s)
3916.06.12 08:21:23 LOG7[3]:      0 expired session(s) retrieved
3916.06.12 08:21:23 LOG6[3]: SSL accepted: previous session reused
3916.06.12 08:21:23 LOG6[3]: s_connect: connecting 127.0.0.1:9775
3916.06.12 08:21:23 LOG6[3]: s_connect: connected 127.0.0.1:9775
3916.06.12 08:21:23 LOG6[3]: persistence: 127.0.0.1:9775 cached
3916.06.12 08:21:23 LOG5[3]: Service [https-server] connected remote server from 127.0.0.1:49280
3916.06.12 08:21:23 LOG7[3]: Remote descriptor (FD=23) initialized
3916.06.12 08:21:23 LOG6[3]: Read socket closed (readsocket)
3916.06.12 08:21:23 LOG7[3]: Sending close_notify alert
3916.06.12 08:21:23 LOG7[3]: SSL alert (write): warning: close notify
3916.06.12 08:21:23 LOG6[3]: SSL_shutdown successfully sent close_notify alert
3916.06.12 08:21:23 LOG3[3]: transfer() loop executes not transferring any data
3916.06.12 08:21:23 LOG3[3]: please report the problem to Michal.Trojnara at mirt.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160512/952083cc/attachment-0001.html>


More information about the stunnel-users mailing list