[stunnel-users] S-tunnel will not send TLS

Fri Mar 13 11:43:47 CET 2020

On Fri, Mar 13, 2020 at 09:42:27AM +0000, Jan Falk wrote:
> Hi.
> Can someone tell me why Stunnel stops at wating 10s? Log:
> 
> 2020.03.12 09:43:36 LOG6[main]: Initializing service [x3_x4_DICOM_BFT_client]
[snip]
> 2020.03.12 09:44:37 LOG7[0]: Service [x3_x4_HL7_BFT_client] started
> 2020.03.12 09:44:37 LOG7[0]: Setting local socket options (FD=508)
> 2020.03.12 09:44:37 LOG7[0]: Option TCP_NODELAY set on local socket
> 2020.03.12 09:44:37 LOG5[0]: Service [x3_x4_HL7_BFT_client] accepted connection from 127.0.0.1:50299
> 2020.03.12 09:44:37 LOG6[0]: s_connect: connecting 10.67.6.106:6161
> 2020.03.12 09:44:37 LOG7[0]: s_connect: s_poll_wait 10.67.6.106:6161: waiting 10 seconds

Have you made sure that there is something listening on port 6161 of
the 10.67.6.106 host and that the host that stunnel is running on
can establish a connection to it? No firewalls, no routing problems
or anything like that?

What happens if you run - on the host that stunnel runs on - this:

  nc -v -z 10.67.6.106 6161

...and also, if stunnel is supposed to establish a secure connection to
that host (that is, if stunnel is working in client mode):

  openssl s_client -connect 10.67.6.106:6161

The first command should exit immediately and tell you that a TCP
connection was established successfully; the second one should also try
to negotiate a TLS connection and show you what the server on the other
side tells you after the connection has been established.

G'luck,
Peter

-- 
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200313/e5766658/attachment.sig>