On 15.11.2016 at 03:39, Donald F. Coffin wrote:
I am using stunnel as a proxy to support SoapUI mock services which are
used to test an SSL based application. The SoapUI and stunnel proxy are
running on an AWS Ubuntu 14.04 EC2 Instance communicating to a Tomcat
server running on a second AWS Ubuntu 14.04 EC2 Instance. The target
application uses a wildcard SSL Certificate and works successfully when
accessed using a desktop browser (Chrome or Firefox).
The issue I am encountering is that the stunnel connection logs a “SSL
closed on SSL_read” message as soon as the cipher suite is negotiated as
shown in the following stunnel.log:
2016.11.14 21:34:25 LOG6[5293:140430154827520]: SSL connected: new session negotiated
2016.11.14 21:34:25 LOG6[5293:140430154827520]: Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit encryption)
2016.11.14 21:34:25 LOG6[5293:140430154827520]: Compression: null, expansion: null
2016.11.14 21:34:45 LOG7[5293:140430154827520]: SSL closed on SSL_read
2016.11.14 21:34:45 LOG7[5293:140430154827520]: Sent socket write shutdown
2016.11.14 21:34:56 LOG7[5293:140430154827520]: Socket closed on read
2016.11.14 21:34:56 LOG7[5293:140430154827520]: Sending close_notify alert
2016.11.14 21:34:56 LOG6[5293:140430154827520]: SSL_shutdown successfully sent close_notify alert
2016.11.14 21:34:56 LOG5[5293:140430154827520]: Connection closed: 342 byte(s) sent to SSL, 250 byte(s) sent to socket
[resourceServer]
accept=localhost:8080
connect=52.43.245.161:8443
ciphers=AES128-SHA
client = yes
cert=/etc/stunnel/stunnel.pem
verify=0
Hi,
I think that the client called [resourceServer] establishes the correct
connection with a server located on 52.43.245.161:8443. This server does
not send any more data and the connection will be terminated, that's all.
It looks like:
openssl s_client -connect 52.43.245.161:8443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
verify error:num=19:self signed certificate in certificate chain
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 583834F5DD4454043940C81FF37027543258C97EC2799A75371A1B177C223D72
Session-ID-ctx:
Master-Key: DAF8AED7432455FAF9BA7483B67099DBDA32AB8C09AC736AAF6A8EF217F37CC23E0822DEDA37B33F56DEF44914B591A4
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1480078548
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
closed
Regards.
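Added example, not part of the original messages and not stunnel project code: a small Python parser for the stunnel log format quoted above. It re-joins mail-wrapped records and reports, per connection, the negotiated cipher, which side closed first (in stunnel's log wording "SSL" is the encrypted side and "socket" the plaintext side) and how long after the handshake that happened. The function names records and summarize and the sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: log lines from the message above; the second record is
# left wrapped, the way a mail client breaks long lines.
SAMPLE_LOG = """\
2016.11.14 21:34:25 LOG6[5293:140430154827520]: SSL connected: new session negotiated
2016.11.14 21:34:25 LOG6[5293:140430154827520]: Negotiated TLSv1/SSLv3
ciphersuite: AES128-SHA (128-bit encryption)
2016.11.14 21:34:45 LOG7[5293:140430154827520]: SSL closed on SSL_read
2016.11.14 21:34:56 LOG7[5293:140430154827520]: Socket closed on read
2016.11.14 21:34:56 LOG5[5293:140430154827520]: Connection closed: 342 byte(s) sent to SSL, 250 byte(s) sent to socket
"""

RECORD = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\d+:\d+)\]: (.*)$")
CIPHER = re.compile(r"ciphersuite: (\S+)")
TOTALS = re.compile(r"(\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")

def records(text):
    """Yield (timestamp, thread_id, message), re-joining wrapped lines."""
    current = None
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            if current:
                yield tuple(current)
            current = [datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S"), m.group(2), m.group(3)]
        elif current and line.strip():
            current[2] += " " + line.strip()  # continuation of a wrapped record
    if current:
        yield tuple(current)

def summarize(text):
    """Return one summary dict per connection that reached 'Connection closed'."""
    open_conns, done = {}, []
    for ts, tid, msg in records(text):
        c = open_conns.setdefault(tid, dict(thread=tid, cipher=None, handshake=None, closed_first=None))
        if msg.startswith("SSL connected"):
            c["handshake"] = ts
        elif CIPHER.search(msg):
            c["cipher"] = CIPHER.search(msg).group(1)
        elif msg in ("SSL closed on SSL_read", "Socket closed on read"):
            if c["closed_first"] is None and c["handshake"]:
                c["closed_first"] = "ssl" if msg.startswith("SSL") else "socket"  # first side to close
                c["seconds_open"] = (ts - c["handshake"]).total_seconds()
        elif TOTALS.search(msg):
            c["to_ssl"], c["to_socket"] = map(int, TOTALS.search(msg).groups())
            done.append(open_conns.pop(tid))
    return done
```

On the quoted log, summarize(SAMPLE_LOG) reports the SSL side closing first, 20 seconds after the handshake, with 342 bytes sent to SSL and 250 bytes sent to the socket.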