[stunnel-users] Hangs when connecting -- advice pls

Małgorzata Olszówka gosia at olszowka.net
Mon Sep 19 11:27:58 CEST 2016


>> pay attention to the execArgs option
> What about the execArgs do you think is wrong?  If it’s the trailing dot
> then it’s something to do with rsync (detailed here
> <https://lists.samba.org/archive/rsync-cvs/2013-July/007296.html>).
> As far as I can tell, Stunnel doesn’t even get as far as invoking the
> executable because it never manages to finish connecting.

execArgs = $0 $1 $2 ...
arguments for exec including the program name ($0), it means $0 = rsync
In your config file:
execArgs = -vvvv --daemon --server 
--config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .

>> and connect the client to the server (not localhost).
> The server *is* on localhost.  So is the client.  The logs show the
> server is on port 874 and the client connected from port 51362 on this
> occasion.

I don’t understand what you want to achieve. Do you have the stunnel 
client and the stunnel server on the same computer and try to establish 
an encrypted connection between them on the localhost? For what purpose?

I always type the IP address to the stunnel server.

> Further information: I’ve also tried Stunnel 4.57 and this fails in
> exactly the same way.
> It also bothers me that the last log line mentions SSLv3 (server) and
> SSLv2/v3 (client)… but the manual says "Obsolete SSLv2 and SSLv3 are
> currently disabled by default”.  So why would they appear in the log?
>  I’ve even explicitly disabled them with addition of "options =
> NO_SSLv2" and  "options = NO_SSLv3” lines in the confs, but this makes
> no difference.

SSL state (accept): SSLv3 messages are from OpenSSL. They are vestiges 
of the past.

With the latest OpenSSL 1.1.0.:

2016.09.19 04:56:54 LOG5[ui]: stunnel 5.36 on x86_64-unknown-linux-gnu 
2016.09.19 04:56:54 LOG5[ui]: Compiled/running with OpenSSL 1.1.0  25 
Aug 2016
2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS read client hello
2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write server 
2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write certificate
2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write key 

Ta wiadomość została sprawdzona na obecność wirusów przez oprogramowanie antywirusowe Avast.

More information about the stunnel-users mailing list