[stunnel-users] Hangs when connecting -- advice pls

Dave Gradwell davegradwell at yahoo.co.uk
Mon Sep 19 19:32:17 CEST 2016


Hello,

> On 19 Sep 2016, at 02:27, Małgorzata Olszówka <gosia at olszowka.net> wrote:
> 
> Hi!
>> What about the execArgs do you think is wrong?  If it’s the trailing dot
>> then it’s something to do with rsync (detailed here
>> <https://lists.samba.org/archive/rsync-cvs/2013-July/007296.html>).
>> As far as I can tell, Stunnel doesn’t even get as far as invoking the
>> executable because it never manages to finish connecting.
> execArgs = $0 $1 $2 ...
> arguments for exec including the program name ($0), it means $0 = rsync
> In your config file:
> execArgs = -vvvv --daemon --server --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .
Good point but no luck; it still fails the same way.
I think Stunnel doesn’t even get as far as executing the executable because it fails to connect.
E.g., it still hangs the same way even if I use something absurd such as exec = FOO/FOO/FOO
I just don’t think it gets that far.

>> The server *is* on localhost.  So is the client.  The logs show the
>> server is on port 874 and the client connected from port 51362 on this
>> occasion.
> I don’t understand what you want to achieve. Do you have the stunnel client and the stunnel server on the same computer and try to establish an encrypted connection between them on the localhost? For what purpose?
Testing.

>> Further information: I’ve also tried Stunnel 4.57 and this fails in
>> exactly the same way.
>> It also bothers me that the last log line mentions SSLv3 (server) and
>> SSLv2/v3 (client)… but the manual says "Obsolete SSLv2 and SSLv3 are
>> currently disabled by default".  So why would they appear in the log?
>> I’ve even explicitly disabled them with addition of "options =
>> NO_SSLv2" and "options = NO_SSLv3" lines in the confs, but this makes
>> no difference.
> 
> SSL state (accept): SSLv3 messages are from OpenSSL. They are vestiges of the past.
> 
> With the latest OpenSSL 1.1.0:
> 
> 2016.09.19 04:56:54 LOG5[ui]: stunnel 5.36 on x86_64-unknown-linux-gnu platform
> 2016.09.19 04:56:54 LOG5[ui]: Compiled/running with OpenSSL 1.1.0  25 Aug 2016
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS read client hello
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write server hello
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write certificate
> 2016.09.19 04:57:19 LOG7[0]: SSL state (accept): SSLv3/TLS write key exchange
>
Do you mean that the ‘SSLv3’ bit is misleading and I can just ignore it?

Thanks, Dave.
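
The execArgs point quoted in this message (the first word is the program name, $0), as a small config check. This is an added example, not code from the thread or from stunnel; the service names, port 875, the rsync path and the simplified parsing rules are assumptions. It covers only the $0 convention, not the connection hang discussed above.

```python
# Added example: flag stunnel execArgs lines whose first word is an option.
# Simplified parser (assumption): "key = value" lines, [service] headers,
# and comment lines starting with ';' or '#'.

SAMPLE_CONF = """\
; constructed sample; service names, port 875 and the rsync path are assumptions
[rsync-broken]
accept = 874
exec = /usr/bin/rsync
execArgs = -vvvv --daemon --server --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .

[rsync-fixed]
accept = 875
exec = /usr/bin/rsync
execArgs = rsync -vvvv --daemon --server --config=/Users/dave/Desktop/stunnel-test/stunnel-rsyncd.conf .
"""


def lint_exec_args(conf_text):
    """Return [(service, argv0, first_parsed_arg)] for suspicious execArgs."""
    findings = []
    service = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            service = line[1:-1].strip()
            continue
        # Split on the first '=' only; values such as --config=... keep theirs.
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "execargs":
            continue
        argv = value.split()
        # argv[0] is handed to the program as its own name ($0), so an
        # option placed there is never parsed as an option.
        if argv and argv[0].startswith("-"):
            first = argv[1] if len(argv) > 1 else None
            findings.append((service, argv[0], first))
    return findings


if __name__ == "__main__":
    for service, argv0, first in lint_exec_args(SAMPLE_CONF):
        print(f"[{service}] execArgs begins with {argv0!r}: it becomes $0, "
              f"and the first argument the program parses is {first!r}")
```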











