Package: stunnel4
Version: 3:4.22-1
Severity: important

I'm trying to use stunnel4 in a thin client system (TCOS) to make the XMLRPC connection more secure. The XMLRPC server is basically an HTTP server that sends/receives XML text via POST (uses libxmlrpc-c3).

All seems to work with default settings, but every call to the SSL port takes 60 seconds. If I set TIMEOUTclose=1 an xmlrpc call takes 1,0xx seconds, and if I set TIMEOUTclose=0 stunnel4 doesn't start.

Without SSL every XMLRPC call takes 0,0xx seconds.

The configuration file comment says:

TIMEOUTclose = seconds to wait for close_notify (set to 0 for buggy MSIE)

0 isn't a valid value and I need to use a 0 timeout.

With "ssldump -aAdNxX -i lo" I can see that the xmlrpc server has returned the data to stunnel4 and stunnel4 waits TIMEOUTclose seconds to return...

My stunnel.conf:
=========================================
cert = /etc/stunnel/stunnel.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv2

;TIMEOUTbusy = 1 ;seconds to wait for expected data
TIMEOUTclose = 1 ;seconds to wait for close_notify (set to 0 for buggy MSIE)
;TIMEOUTconnect = 1;seconds to connect remote host
;TIMEOUTidle = 1 ;seconds to keep an idle connection

;foreground=yes
syslog=no
session=1

;DNS delay
delay = no

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = root
setgid = root
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Some debugging stuff useful for troubleshooting
;debug = 7
output = /var/log/stunnel4/stunnel.log

; Service-level configuration
[tcosxmlrpc]
accept = 8999
connect = 8998
================================================

Connection is like this:

Control Gui --> XMLRPC connection to 8999 (SSL) --> stunnel4 localhost connection to 8998

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages stunnel4 depends on:
ii  adduser       3.107      add and remove users and groups
ii  libc6         2.7-10     GNU C Library: Shared libraries
ii  libssl0.9.8   0.9.8g-10  SSL shared libraries
ii  libwrap0      7.6.q-15   Wietse Venema's TCP wrappers libra
ii  netbase       4.32       Basic TCP/IP networking system
ii  openssl       0.9.8g-10  Secure Socket Layer (SSL) binary a
ii  perl-modules  5.10.0-10  Core Perl modules

stunnel4 recommends no packages.

-- no debconf information