[stunnel-users] Stunnel Connectivity Issue

Dheeraj Gautam dheeraj.gautam at arborfs.com
Tue Jun 13 17:41:03 CEST 2017


Hi Guys,

Below is the config which I have configured with TLSv1.2, but the
connection is still established only for a while when I run
telnet 127.0.0.1 9233, and it is closed just after that.

[TCP]
client=yes
cert = BBG_cert.pem
key = BBG_key.pem
verifyChain = yes
CAfile = BBG_CACerts.pem
connect = 69.191.198.34:8228
accept  = 127.0.0.1:9233
sslVersion = TLSv1.2

Below are the logs:

2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf
2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected
2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled
2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints
2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file
2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf
2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected
2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled
2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks
2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2017.06.13 16:37:16 LOG5[main]: Configuration successful
2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736
2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228
2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from 172.16.1.23:62737
2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=fixbeta.bloomberg.com, emailAddress=caadmin at bloomberg.com
2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

I want the connection to remain connected all the time so that I can run
the application.

The application can work only if the connection remains connected.

Please help me to sort this out.

Regards,

Dheeraj Gautam
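
A small triage script for stunnel log output like the above, added here as an illustration (it is not part of the original message or of stunnel): it collects the error and warning lines logged by the main thread and pairs each accepted connection with its "Connection closed" line to report duration and byte counts. The name `triage` and the constant `SAMPLE_LOG` are assumptions of this example; the sample reuses log lines from the message with the mail line-wrapping undone.

```python
import re
from datetime import datetime
# Constructed sample: log lines from the message above, mail line-wrapping undone.
SAMPLE_LOG = """\
2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints
2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file
2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks
2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2017.06.13 16:37:16 LOG5[main]: Configuration successful
2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736
2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228
2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\w+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")

def triage(log_text):
    """Return (config_findings, sessions) extracted from stunnel log text."""
    findings, sessions, open_at = [], [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or foreign line
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        level, thread, msg = int(m.group(2)), m.group(3), m.group(4)
        if thread == "main":
            if level <= 4:  # syslog-style levels: 3 = error, 4 = warning
                findings.append((level, msg))
            continue
        if "accepted connection from" in msg:
            open_at[thread] = ts  # session start for this worker thread
        closed = CLOSED.search(msg)
        if closed and thread in open_at:
            to_tls, to_sock = int(closed.group(1)), int(closed.group(2))
            sessions.append({
                "thread": thread,
                "seconds": int((ts - open_at.pop(thread)).total_seconds()),
                "to_tls": to_tls,
                "to_socket": to_sock,
                "no_payload": to_tls == 0 and to_sock == 0,
            })
    return findings, sessions

if __name__ == "__main__":
    findings, sessions = triage(SAMPLE_LOG)
    for item in findings + sessions:
        print(item)
```

On the sample it reports the rejected configuration reload, the "verifyChain" without subject checks warning, and one session that carried no application data in either direction before it closed.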

On 25 May 2017 at 12:29, Małgorzata Olszówka <
Malgorzata.Olszowka at stunnel.org> wrote:

>> Could you please let us know what parameters we are missing here, due to
>> which the connection is not being established with the remote server.
>>
>> Although the stunnel logs indicate that the configuration was successful,
>> nowhere in the logs is it mentioned whether the connection is connected or not.
>>
>
>
> Hello Dheeraj,
>
> You should set the verifyChain option in order to verify the certificate
> stored in the file specified with CAfile:
> verifyChain = yes
>
> Then you can test your connection:
> telnet 127.0.0.1 9233
> the stunnel logs will show information about the connection attempt.
>
> Regards,
> Małgorzata
