[stunnel-users] Question regarding setup

Tomas Martinez tomasgava at gmail.com
Fri May 5 08:49:57 CEST 2017


Thank you to everyone who responded - it works now!

Tom


> On 5 May 2017, at 06:35, Chris Chia <chris at tch.anu.edu.au> wrote:
> 
> This is ours :
>  
>  
> [ALMA - SIP]
> key = client.pem
> cert = client.pem
> accept = 6443
> connect = xxxx.xxxxxx.exlibrisgroup.com:6443
> TIMEOUTclose = 0
> TIMEOUTconnect = 200
> TIMEOUTidle = 86400
> ;
>  
> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Tomas Martinez
> Sent: Thursday, May 4, 2017 9:52 PM
> To: stunnel-users at stunnel.org
> Subject: [stunnel-users] Question regarding setup
>  
> Hello All,
>  
>  
> I am trying to set up stunnel so I can access my IIS static website (http://localhost)
> I want to access it via 'https://localhost:443'.
>  
> Here is my conf file :
>  
> [https]
> client= yes
> accept = 443
> connect = 80
> debug = 7
> sslVersion = all
> cert = D:\stunnel\config\cert.pfx
>  
> and here are the errors I am getting:
>  
> 2017.05.04 12:41:01 LOG5[main]: UTF-8 byte order mark detected
> 2017.05.04 12:41:01 LOG5[main]: FIPS mode disabled
> 2017.05.04 12:41:01 LOG4[main]: Service [https] needs authentication to prevent MITM attacks
> 2017.05.04 12:41:01 LOG5[main]: Configuration successful
> 2017.05.04 12:41:14 LOG7[80]: Service [https] started
> 2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on local socket
> 2017.05.04 12:41:14 LOG5[80]: Service [https] accepted connection from 127.0.0.1:54417
> 2017.05.04 12:41:14 LOG6[80]: s_connect: connecting 127.0.0.1:80
> 2017.05.04 12:41:14 LOG7[80]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
> 2017.05.04 12:41:14 LOG7[81]: Service [https] started
> 2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on local socket
> 2017.05.04 12:41:14 LOG5[81]: Service [https] accepted connection from 127.0.0.1:54419
> 2017.05.04 12:41:14 LOG6[81]: s_connect: connecting 127.0.0.1:80
> 2017.05.04 12:41:14 LOG7[81]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
> 2017.05.04 12:41:14 LOG5[81]: s_connect: connected 127.0.0.1:80
> 2017.05.04 12:41:14 LOG5[81]: Service [https] connected remote server from 127.0.0.1:54420
> 2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on remote socket
> 2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) initialized
> 2017.05.04 12:41:14 LOG6[81]: SNI: sending servername: localhost
> 2017.05.04 12:41:14 LOG6[81]: Peer certificate not required
> 2017.05.04 12:41:14 LOG7[81]: TLS state (connect): before/connect initialization
> 2017.05.04 12:41:14 LOG7[81]: TLS state (connect): SSLv2/v3 write client hello A
> 2017.05.04 12:41:14 LOG3[81]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> 2017.05.04 12:41:14 LOG5[81]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 2017.05.04 12:41:14 LOG7[81]: Deallocating application specific data for addr index
> 2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) closed
> 2017.05.04 12:41:14 LOG7[81]: Local descriptor (FD=480) closed
> 2017.05.04 12:41:14 LOG7[81]: Service [https] finished (1 left)
> 2017.05.04 12:41:14 LOG5[80]: s_connect: connected 127.0.0.1:80
> 2017.05.04 12:41:14 LOG5[80]: Service [https] connected remote server from 127.0.0.1:54418
> 2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on remote socket
> 2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) initialized
> 2017.05.04 12:41:14 LOG6[80]: SNI: sending servername: localhost
> 2017.05.04 12:41:14 LOG6[80]: Peer certificate not required
> 2017.05.04 12:41:14 LOG7[80]: TLS state (connect): before/connect initialization
> 2017.05.04 12:41:14 LOG7[80]: TLS state (connect): SSLv2/v3 write client hello A
> 2017.05.04 12:41:14 LOG3[80]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> 2017.05.04 12:41:14 LOG5[80]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 2017.05.04 12:41:14 LOG7[80]: Deallocating application specific data for addr index
> 2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) closed
> 2017.05.04 12:41:14 LOG7[80]: Local descriptor (FD=496) closed
> 2017.05.04 12:41:14 LOG7[80]: Service [https] finished (0 left)
> 2017.05.04 12:41:14 LOG7[82]: Service [https] started
> 2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on local socket
> 2017.05.04 12:41:14 LOG5[82]: Service [https] accepted connection from 127.0.0.1:54422
> 2017.05.04 12:41:14 LOG6[82]: s_connect: connecting 127.0.0.1:80
> 2017.05.04 12:41:14 LOG7[82]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
> 2017.05.04 12:41:14 LOG5[82]: s_connect: connected 127.0.0.1:80
> 2017.05.04 12:41:14 LOG5[82]: Service [https] connected remote server from 127.0.0.1:54423
> 2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on remote socket
> 2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) initialized
> 2017.05.04 12:41:14 LOG6[82]: SNI: sending servername: localhost
> 2017.05.04 12:41:14 LOG6[82]: Peer certificate not required
> 2017.05.04 12:41:14 LOG7[82]: TLS state (connect): before/connect initialization
> 2017.05.04 12:41:14 LOG7[82]: TLS state (connect): SSLv2/v3 write client hello A
> 2017.05.04 12:41:14 LOG3[82]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> 2017.05.04 12:41:14 LOG5[82]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 2017.05.04 12:41:14 LOG7[82]: Deallocating application specific data for addr index
> 2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) closed
> 2017.05.04 12:41:14 LOG7[82]: Local descriptor (FD=544) closed
> 2017.05.04 12:41:14 LOG7[82]: Service [https] finished (0 left)
> 2017.05.04 12:41:14 LOG7[83]: Service [https] started
> 2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on local socket
> 2017.05.04 12:41:14 LOG5[83]: Service [https] accepted connection from 127.0.0.1:54425
> 2017.05.04 12:41:14 LOG6[83]: s_connect: connecting 127.0.0.1:80
> 2017.05.04 12:41:14 LOG7[83]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
> 2017.05.04 12:41:14 LOG5[83]: s_connect: connected 127.0.0.1:80
> 2017.05.04 12:41:14 LOG5[83]: Service [https] connected remote server from 127.0.0.1:54426
> 2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on remote socket
> 2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) initialized
> 2017.05.04 12:41:14 LOG6[83]: SNI: sending servername: localhost
> 2017.05.04 12:41:14 LOG6[83]: Peer certificate not required
> 2017.05.04 12:41:14 LOG7[83]: TLS state (connect): before/connect initialization
> 2017.05.04 12:41:14 LOG7[83]: TLS state (connect): SSLv2/v3 write client hello A
> 2017.05.04 12:41:14 LOG3[83]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> 2017.05.04 12:41:14 LOG5[83]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 2017.05.04 12:41:14 LOG7[83]: Deallocating application specific data for addr index
> 2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) closed
> 2017.05.04 12:41:14 LOG7[83]: Local descriptor (FD=488) closed
> 2017.05.04 12:41:14 LOG7[83]: Service [https] finished (0 left)
> 2017.05.04 12:41:14 LOG7[84]: Service [https] started
> 2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on local socket
> 2017.05.04 12:41:14 LOG5[84]: Service [https] accepted connection from 127.0.0.1:54427
> 2017.05.04 12:41:14 LOG6[84]: s_connect: connecting 127.0.0.1:80
> 2017.05.04 12:41:14 LOG7[84]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
> 2017.05.04 12:41:14 LOG5[84]: s_connect: connected 127.0.0.1:80
> 2017.05.04 12:41:14 LOG5[84]: Service [https] connected remote server from 127.0.0.1:54428
> 2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on remote socket
> 2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) initialized
> 2017.05.04 12:41:14 LOG6[84]: SNI: sending servername: localhost
> 2017.05.04 12:41:14 LOG6[84]: Peer certificate not required
> 2017.05.04 12:41:14 LOG7[84]: TLS state (connect): before/connect initialization
> 2017.05.04 12:41:14 LOG7[84]: TLS state (connect): SSLv2/v3 write client hello A
> 2017.05.04 12:41:14 LOG3[84]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> 2017.05.04 12:41:14 LOG5[84]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 2017.05.04 12:41:14 LOG7[84]: Deallocating application specific data for addr index
> 2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) closed
> 2017.05.04 12:41:14 LOG7[84]: Local descriptor (FD=484) closed
> 2017.05.04 12:41:14 LOG7[84]: Service [https] finished (0 left)
>  
>  
>  
> I am looking for a basic basic config. 
>  
> Can anyone advise why it is not working please. 
> Is there anything behind the scenes I need to configure?
>  
> Thank you in advance
>  
> T
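
As an added illustration (not part of the original thread and not stunnel's own code): a small Python script that groups stunnel debug-log lines like the ones quoted above by thread and flags the two conditions visible in them, a TLS client handshake (`TLS state (connect)`) toward the `connect` backend that ends in `unknown protocol`, and the startup warning that no peer authentication is configured. The names `diagnose` and `SAMPLE` are invented for this example; the sample lines are excerpted from the log in the post.

```python
import re
from collections import defaultdict

# Matches stunnel log lines, tolerating a leading "> " from mail quoting.
LINE = re.compile(r"^(?:>\s*)?\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[(\w+)\]: (.*)$")

# Excerpt of the log quoted in the post (startup warning plus thread 81).
SAMPLE = """\
2017.05.04 12:41:01 LOG4[main]: Service [https] needs authentication to prevent MITM attacks
2017.05.04 12:41:14 LOG5[81]: Service [https] accepted connection from 127.0.0.1:54419
2017.05.04 12:41:14 LOG5[81]: s_connect: connected 127.0.0.1:80
2017.05.04 12:41:14 LOG6[81]: Peer certificate not required
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): SSLv2/v3 write client hello A
2017.05.04 12:41:14 LOG3[81]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
"""

def diagnose(log_text):
    """Return a sorted list of (thread, finding) tuples for an stunnel debug log."""
    threads = defaultdict(dict)   # per-thread connection state
    findings = set()              # set, so repeated connections do not duplicate
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _level, tid, msg = m.groups()
        st = threads[tid]
        if "needs authentication to prevent MITM attacks" in msg:
            findings.add((tid, "peer certificate is not verified"))
        elif msg.startswith("s_connect: connected "):
            st["backend"] = msg.split()[-1]
        elif msg.startswith("TLS state (connect)"):
            st["tls_client"] = True   # stunnel is the TLS client on this leg
        elif "SSL_connect" in msg and "unknown protocol" in msg and st.get("tls_client"):
            findings.add((tid, "TLS client handshake to %s got a non-TLS reply"
                          % st.get("backend", "unknown backend")))
    return sorted(findings)

if __name__ == "__main__":
    for tid, finding in diagnose(SAMPLE):
        print("[%s] %s" % (tid, finding))
```

With `client = yes`, stunnel accepts plaintext on the `accept` port and initiates TLS toward the `connect` address, which is why the handshake in the quoted log is sent to the plain HTTP listener on 127.0.0.1:80.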