[stunnel-users] Assistance needed debugging Stunnel AWS EC2 Interface

Małgorzata Olszówka gosia at olszowka.net
Fri Nov 25 14:42:44 CET 2016

On 15.11.2016 at 03:39, Donald F. Coffin wrote:
> I am using stunnel as a proxy to support SoapUI mock services which are
> used to test an SSL based application.  The SoapUI and stunnel proxy are
> running on an AWS Ubuntu 14.04 EC2 Instance communicating to a Tomcat
> server running on a second AWS Ubuntu 14.04 EC2 Instance.  The target
> application uses a wildcard SSL Certificate and works successfully when
> accessed using a desktop browser (Chrome or Firefox).
> The issue I am encountering is that the stunnel connection logs a “SSL
> closed on SSL_read” message as soon as the cipher suite is negotiated as
> shown in the following stunnel.log:
> 2016.11.14 21:34:25 LOG6[5293:140430154827520]: SSL connected: new
> session negotiated
> 2016.11.14 21:34:25 LOG6[5293:140430154827520]: Negotiated TLSv1/SSLv3
> ciphersuite: AES128-SHA (128-bit encryption)
> 2016.11.14 21:34:25 LOG6[5293:140430154827520]: Compression: null,
> expansion: null
> 2016.11.14 21:34:45 LOG7[5293:140430154827520]: SSL closed on SSL_read
> 2016.11.14 21:34:45 LOG7[5293:140430154827520]: Sent socket write shutdown
> 2016.11.14 21:34:56 LOG7[5293:140430154827520]: Socket closed on read
> 2016.11.14 21:34:56 LOG7[5293:140430154827520]: Sending close_notify alert
> 2016.11.14 21:34:56 LOG6[5293:140430154827520]: SSL_shutdown
> successfully sent close_notify alert
> 2016.11.14 21:34:56 LOG5[5293:140430154827520]: Connection closed: 342
> byte(s) sent to SSL, 250 byte(s) sent to socket
> [resourceServer]
> accept=localhost:8080
> connect=
> ciphers=AES128-SHA
> client = yes
> cert=/etc/stunnel/stunnel.pem
> verify=0

I think that the client called [resourceServer] establishes the correct 
connection with a server located on This server does 
not send any more data and the connection will be terminated, that's all.
It looks like:
openssl s_client -connect

depth=2 C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For 
authorized use only, CN = GeoTrust Primary Certification Authority - G3
verify error:num=19:self signed certificate in certificate chain
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA

    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1480078548
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)

