[stunnel-users] Help with connectivity issue

Josealf.rm josealf at rocketmail.com
Fri Sep 15 22:05:58 CEST 2017


Robert,

Most likely Amazon is not accepting TLSv1. It is a deprecated protocol. Remove the sslVersion lines.

Check the OpenSSL output from your connection test. It should display the TLS version used.

Regards
Jose A. Diaz



> On Sep 15, 2017, at 2:05 PM, Rob Allen <robert.allen at eyefinity.com> wrote:
> 
> I’ve installed stunnel on an Amazon EC2 instance:
>  
> stunnel 4.56 on x86_64-redhat-linux-gnu platform
> Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
> Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
>  
> Global options:
> debug                  = daemon.notice
> pid                    = /var/run/stunnel.pid
> RNDbytes               = 64
> RNDfile                = /dev/urandom
> RNDoverwrite           = yes
>  
> Service-level options:
> ciphers                = FIPS (with "fips = yes")
> ciphers                = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
> curve                  = prime256v1
> sessionCacheSize       = 1000
> sessionCacheTimeout    = 300 seconds
> sslVersion             = TLSv1 (with "fips = yes")
> sslVersion             = TLSv1 for client, all for server (with "fips = no")
> stack                  = 65536 bytes
> TIMEOUTbusy            = 300 seconds
> TIMEOUTclose           = 60 seconds
> TIMEOUTconnect         = 10 seconds
> TIMEOUTidle            = 43200 seconds
> verify                 = none
>  
> I’ve created the stunnel.conf file:
>  
> [smtp-tls-wrapper]
> accept = 2525
> client = yes
> connect = email-smtp.us-west-2.amazonaws.com:465
> protocol=smtp
> delay = yes
>  
> I’ve tested the connection to SES (successfully) via openssl:
>  
> [ec2-user at ip-172-31-4-68 ~]$ openssl s_client -quiet -crlf -connect email-smtp.us-west-2.amazonaws.com:465
> depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
> verify return:1
> depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
> verify return:1
> depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = email-smtp.us-west-2.amazonaws.com
> verify return:1
> 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-2370111491 wa7VtNk9b7c4TX0jNpdG
>  
> But when I try to access through stunnel via localhost with telnet, I get this:
>  
> [ec2-user at ip-172-31-4-68 ~]$ telnet localhost 2525
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> Connection closed by foreign host.
>  
> I’ve tried everything I can think of; I’ve read all the blogs and pages related to connecting from ec2 to SES via stunnel and I just can’t get it to work.  Does anyone have any suggestions for other things I could try?
>  
> Thanks in advance,
> Rob Allen, CPO
> Software Engineer | Eyefinity
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
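As an added example (not code from the thread or from the stunnel project), a small Python checker that scans an stunnel.conf for an sslVersion pinned to a deprecated protocol and either drops the line, as the reply advises, or rewrites it to TLSv1.2; the option dump quoted above lists TLSv1 as the client default for this 4.56 build, so an explicit TLSv1.2 is the safer variant when the peer supports it. The sample config is constructed from the posted [smtp-tls-wrapper] section plus an assumed global sslVersion line.

```python
import re

# Constructed sample: the thread's [smtp-tls-wrapper] service plus a global
# sslVersion pin of the kind the reply says to remove (assumed, not posted).
SAMPLE_CONF = """\
; global options
pid = /var/run/stunnel.pid
sslVersion = TLSv1

[smtp-tls-wrapper]
accept = 2525
client = yes
connect = email-smtp.us-west-2.amazonaws.com:465
protocol=smtp
delay = yes
"""

# sslVersion values a stunnel 4.x build accepts that modern peers reject.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
SECTION_RE = re.compile(r"^\s*\[(.+)\]\s*$")
SSLVERSION_RE = re.compile(r"^\s*sslVersion\s*=\s*(\S+)", re.IGNORECASE)


def pinned_versions(text):
    """Return [(section, value)] for every sslVersion line pinned to a
    deprecated protocol; global options are reported under 'global'."""
    found, section = [], "global"
    for line in text.splitlines():
        if line.lstrip().startswith((";", "#")):   # comment line
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := SSLVERSION_RE.match(line)) and m.group(1) in DEPRECATED:
            found.append((section, m.group(1)))
    return found


def rewrite_ssl_version(text, new_version=None):
    """Drop deprecated sslVersion pins (new_version=None, as the reply advises)
    or rewrite each of them to new_version, e.g. 'TLSv1.2'."""
    out = []
    for line in text.splitlines():
        m = SSLVERSION_RE.match(line)
        if m and m.group(1) in DEPRECATED:
            if new_version:
                out.append(f"sslVersion = {new_version}")
            continue                                # drop the pin
        out.append(line)
    return "\n".join(out) + "\n"
```

After rewriting, run the connection test again and confirm the Protocol line in the openssl s_client output reports the negotiated version.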