[stunnel-users] Help please.

Mon Dec 2 16:34:56 CET 2019

Ajiq,

On 12/2/19 09:52, Ajjq . wrote:
> I need to  enable a /tunnel_out/  for UTL_HTTP from http:// to https://
> 
> I installed stunnel 5.34 win32 in a windows 2008 server.
> 
> I am including my stunnel.conf y log file (debug=7)
> 
> As you can see in the log file, I get this error:
> 
> 2019.12.01 14:08:12 LOG3[7]: SSL_accept: 1407609C: error:1407609C:SSL
> routines:SSL23_GET_CLIENT_HELLO:http request

So you are trying something like this?

C:> TELNET LOCALHOST 80

(expect to be connected to sub.dominio.com:443)

Right?

> Could you help me please?
> 
> 
> *MY stunnel.conf---*
> debug = 7
> output = stunnel.log
> 
> [https]
> accept  = 127.0.0.1:80
> connect = sub.dominio.com:443
> cert = stunnel.pem
> TIMEOUTclose = 0

I don't see any "client" line in your file, so I'm assuming it is set to
the default which is "server mode". In "server mode", stunnel listens
for incoming TLS connections and connects to an unencrypted channel.

I think you want the opposite.

> 2019.12.01 14:01:37 LOG7[1]: Service [https] started
> 2019.12.01 14:01:37 LOG5[1]: Service [https] accepted connection from
> 127.0.0.1:56582
> 2019.12.01 14:01:37 LOG7[1]: SSL state (accept): before/accept
> initialization
> 2019.12.01 14:01:37 LOG3[0]: SSL_accept: 1407609C: error:1407609C:SSL
> routines:SSL23_GET_CLIENT_HELLO:http request

Yes, it looks like it's listening for a TLS connection and not a
plain-text one.

Try setting this in your config file:

client=yes

Hope that helps,
-chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20191202/2ba01d20/attachment-0001.sig>