-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Florian,
I have also noticed the bug, but I could not reliably reproduce it to test a fix. Could you please try if stunnel 5.18b5 works for you? https://www.stunnel.org/downloads.html protocol=pgsql does not seem to be a problem. Otherwise, stunnel would not be able to negotiate TLS. Best regards, Michal Trojnara On 10.06.2015 09:47, Florian Gossin wrote: > HI, > > I'm trying to setup a connection from JDBC to pgbouncer through > stunnel. Unfortunately, I get the above error message when I try to > connect. > > Here are the logs from stunnel: 2015.06.09 16:56:13 LOG7[3]: SSL > state (accept): SSLv3 read client certificate A 2015.06.09 16:56:13 > LOG7[3]: SSL state (accept): SSLv3 read client key exchange A > 2015.06.09 16:56:13 LOG7[3]: SSL state (accept): SSLv3 read > certificate verify A 2015.06.09 16:56:13 LOG7[3]: SSL state > (accept): SSLv3 read finished A 2015.06.09 16:56:13 LOG7[3]: SSL > state (accept): SSLv3 write change cipher spec A 2015.06.09 > 16:56:13 LOG7[3]: SSL state (accept): SSLv3 write finished A > 2015.06.09 16:56:13 LOG7[3]: SSL state (accept): SSLv3 flush data > 2015.06.09 16:56:13 LOG7[3]: 4 server accept(s) requested > 2015.06.09 16:56:13 LOG7[3]: 4 server accept(s) succeeded > 2015.06.09 16:56:13 LOG7[3]: 0 server renegotiation(s) > requested 2015.06.09 16:56:13 LOG7[3]: 0 session reuse(s) > 2015.06.09 16:56:13 LOG7[3]: 3 internal session cache item(s) > 2015.06.09 16:56:13 LOG7[3]: 0 internal session cache > fill-up(s) 2015.06.09 16:56:13 LOG7[3]: 0 internal session cache > miss(es) 2015.06.09 16:56:13 LOG7[3]: 0 external session cache > hit(s) 2015.06.09 16:56:13 LOG7[3]: 0 expired session(s) > retrieved 2015.06.09 16:56:13 LOG6[3]: SSL accepted: new session > negotiated 2015.06.09 16:56:13 LOG6[3]: Negotiated TLSv1 > ciphersuite ECDHE-RSA-AES256-SHA (256-bit encryption) 2015.06.09 > 16:56:13 LOG7[3]: Compression: null, expansion: null 2015.06.09 > 16:56:13 LOG6[3]: Failover strategy: round-robin 2015.06.09 > 16:56:13 LOG6[3]: s_connect: connecting 127.0.0.1:46432 > <http://127.0.0.1:46432> 2015.06.09 16:56:13 LOG7[3]: s_connect: > s_poll_wait 127.0.0.1:46432 <http://127.0.0.1:46432>: waiting 10 > seconds 2015.06.09 16:56:13 LOG5[3]: s_connect: connected > 127.0.0.1:46432 <http://127.0.0.1:46432> 2015.06.09 16:56:13 > LOG5[3]: Service [pgbouncer-client] connected remote server from > 127.0.0.1:54633 <http://127.0.0.1:54633> 2015.06.09 16:56:13 > LOG7[3]: Remote socket (FD=9) initialized 2015.06.09 16:56:13 > LOG6[3]: Read socket closed (read hangup) 2015.06.09 16:56:13 > LOG7[3]: Sending close_notify alert 2015.06.09 16:56:13 LOG7[3]: > SSL alert (write): warning: close notify 2015.06.09 16:56:13 > LOG6[3]: SSL_shutdown successfully sent close_notify alert > 2015.06.09 16:56:13 LOG3[3]: INTERNAL ERROR: s_poll_wait returned > 1, but no descriptor is ready 2015.06.09 16:56:13 LOG5[3]: > Connection reset: 58 byte(s) sent to SSL, 164 byte(s) sent to > socket 2015.06.09 16:56:13 LOG7[3]: Remote socket (FD=9) closed > 2015.06.09 16:56:13 LOG7[3]: Local socket (FD=8) closed 2015.06.09 > 16:56:13 LOG7[3]: Service [pgbouncer-client] finished (0 left) > > In pgbouncer, I get the following error: Pooler Error: bad packet > header: '70' > > And in JDBC, the following exception: GRAVE: ERROR: bad packet > header: '70' org.postgresql.util.PSQLException: ERROR: bad packet > header: '70' > > Where might be the problem ? Does the stunnel parameter > protocol=pgsql work with JDBC ? > > Thank you > > > _______________________________________________ stunnel-users > mailing list [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVeCR+AAoJEC78f/DUFuAUD2kQAJcSnsI7AXT/U6BX0EEayRF+ Oepb7d9vaBdfm1Q5ZGe5o3svujM/6tW3WZ+Ycef2SZ95twaKY+Wna/tS+JQpNzF5 IL62vUubI+hr+7b+pO8SRRkxs+zLxByZsYLBzg7oUeZ8AR6v5Yc8G/lVNptppdLg uEthPxI6QXs2C9uIdv6TdKiznnD+52l17wi8lcko9/5OZh2+9YnJDe3CesR74xhC HVIBiZg1AaxVx3MXhlh0Muxa4+G8AZdyfJbl67JhhgY8EAFdiaL+ZqpoaEU86Oy0 8Y0Dugza9o/PhJv8tQSQRi6QiiqybJHMvZj+FcJzVvE70eze5HVdYCz8Z1gZEbEH 02chM56ffB9XdxKK9aTE3gLO96PhqGrjDoBCPkc8yk9CgqLPcKWdsnF6aRPgZoUX tqk6izMiKkrHY6R1A4Nu8GONfXUAPcfPXkM8wc/FrGvedJGqfsHPFpaUivirYnFM zpeo/H8l0yJGOAL1Fu2b17PkEOAJ9zsI5wc5n8P8yAa8hR7gJPWSaRv9JuFi6aGh Zbq9hEmgHCPqwD/IuIWZZq0V3Fs7cour6f0vrInQO1K+6SYPVD71RSrxTsfYrmis nKH0eVB6xA71Cptl3FAYCLbQqGnAz1YG+pxJytpqSpTNE+Uub7LUuW93uIOQc7rt 3dbmhwICXn/E8WtDDuRH =GlO0 -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
