Hi Liz,
Thanks for your reply.
Actually we need to run a service which will work only once the stunnel
connection is established, and the service will work for as long as the
connection stays connected.
But at the moment I don't have any idea how the stunnel connection will
remain connected.
Could you please suggest how to fix this so that the stunnel connection
remains connected and I can run the application?
Waiting for your valuable response.
Regards,
Dheeraj Gautam
*From:*Liz Turi [mailto:[email protected]]
*Sent:* Tuesday, June 13, 2017 9:19 PM
*To:* Dheeraj Gautam <[email protected]>; Małgorzata Olszówka
<[email protected]>
*Cc:* [email protected]
*Subject:* RE: [stunnel-users] Stunnel Connectivity Issue
Hi, Dheeraj,
Are you testing the connection with Telnet, or are you testing with
the application? What I noticed in testing the connection is that once
the command is completed, the connection is closed.
However, when I test from my application, it's only closed once all
transactions in that session are completed, and it will show how much
data was passed on (following from my logs at the end of a non-telnet
test session).
2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite AES256-GCM-SHA384 (256-bit encryption)
2017.06.13 10:16:18 LOG6[1]: Read socket closed (readsocket)
2017.06.13 10:16:18 LOG6[1]: SSL_shutdown successfully sent close_notify alert
2017.06.13 10:16:18 LOG6[1]: TLS closed (SSL_read)
2017.06.13 10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent to TLS, 1641 byte(s) sent to socket
*Liz Turi*
Sr. Consultant
Massachusetts eHealth Collaborative
860 Winter Street, Waltham, MA 02451
(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589
www.maehc.org
*From:*stunnel-users [mailto:[email protected]] *On
Behalf Of *Dheeraj Gautam
*Sent:* Tuesday, June 13, 2017 11:41 AM
*To:* Małgorzata Olszówka <[email protected]>
*Cc:* [email protected]
*Subject:* Re: [stunnel-users] Stunnel Connectivity Issue
Hi Guys,
Below is the config which I have configured with TLSv1.2, but the
connection is still established only for a while when I run
telnet 127.0.0.1 9233, and just after that the connection is closed.
[TCP]
client=yes
cert = BBG_cert.pem
key = BBG_key.pem
verifyChain = yes
CAfile = BBG_CACerts.pem
connect = 69.191.198.34:8228
accept = 127.0.0.1:9233
sslVersion = TLSv1.2
Below are the logs:
2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf
2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected
2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled
2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints
2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file
2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf
2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected
2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled
2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks
2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2017.06.13 16:37:16 LOG5[main]: Configuration successful
2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736
2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228
2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from 172.16.1.23:62737
2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=fixbeta.bloomberg.com, [email protected]
2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
I want the connection to remain connected all the time so that I can run
the application.
The application can work only if the connection remains connected.
Please help me to sort this out.
Regards,
Dheeraj Gautam
On 25 May 2017 at 12:29, Małgorzata Olszówka <[email protected]> wrote:
Could you please let us know what parameters we are missing
here due to which the connection is not being established with the
remote server.
Although the stunnel logs indicate that the configuration was
successful, nowhere in the logs is it mentioned whether the
connection is connected or not,
Hello Dheeraj,
You should set the verifyChain option in order to verify the
certificate stored in the file specified with CAfile:
verifyChain = yes
Then you can test your connection:
telnet 127.0.0.1 9233
The stunnel logs will show information about the connection attempt.
Regards,
Małgorzata
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
www.arborfs.com
This e-mail and any attachment are confidential and contain
proprietary information, some or all of which may be legally privileged.
It is intended solely for the use of the individual or entity to which
it is addressed. If you are not the intended recipient, please notify
the author immediately by telephone or by replying to this e-mail, and
then delete all copies of the e-mail on your system. If you are not
the intended recipient, you must not use, disclose, distribute, copy,
print or rely on this e-mail.
Whilst we have taken reasonable precautions to ensure that this e-mail
and any attachment has been checked for viruses, we cannot guarantee
that they are virus free and we cannot accept liability for any damage
sustained as a result of software viruses. We would advise that you
carry out your own virus checks, especially before opening an attachment.
CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally
privileged and confidential information intended only for the use of
the addressee named above. If the reader of this message is not the
intended recipient you are hereby notified that any dissemination,
distribution or copying of this email transmission is strictly
prohibited. If you have received this email transmission in error,
please notify us immediately. Thank you.
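An added example, not part of any post in this thread and not stunnel project code: a small parser that pairs each connection's first log entry with its "Connection closed" line, so the idle telnet session (0 bytes in both directions) can be told apart from the application session that carried data, and that collects warning-level entries such as the "verifyChain" one. The name summarize and the sample text are assumptions; the sample lines are taken from the two log excerpts quoted in the thread.

```python
import re
from datetime import datetime

# Constructed sample: entries from the two excerpts quoted in the thread
# (connection 11 is the telnet test, connection 1 is the other host's
# application session), one entry per line as stunnel writes them.
SAMPLE_LOG = """\
2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks
2017.06.13 16:37:16 LOG5[main]: Configuration successful
2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736
2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228
2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite AES256-GCM-SHA384 (256-bit encryption)
2017.06.13 10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent to TLS, 1641 byte(s) sent to socket
"""

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\w+)\]: (.*)$")
CLOSED = re.compile(
    r"Connection closed: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")

def summarize(log_text):
    """Return (sessions, warnings) for a stunnel log given as text."""
    first_seen, sessions, warnings = {}, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or unrelated lines
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        level, conn, msg = int(m.group(2)), m.group(3), m.group(4)
        if conn == "main":
            if level <= 4:  # syslog-style levels: 3 = error, 4 = warning
                warnings.append(msg)
            continue
        first_seen.setdefault(conn, ts)  # first entry seen for this connection
        closed = CLOSED.search(msg)
        if closed:
            to_tls, to_socket = int(closed.group(1)), int(closed.group(2))
            start = first_seen.pop(conn)
            sessions.append({
                "conn": conn,
                "seconds": int((ts - start).total_seconds()),
                "to_tls": to_tls,
                "to_socket": to_socket,
                "idle": to_tls == 0 and to_socket == 0,  # nothing was relayed
            })
    return sessions, warnings

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG)[0]:
        print(s)
```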