Hi,

Did you try with another type of client to see if the issue is the same?

Flo

On Thu, Jul 5, 2018 at 1:41 PM, Spies, Will <[email protected]> wrote:

> Thanks for the quick response. The client is an Echo Show device and there
> is no log. It is an RTSP connection and my backend (behind Stunnel) is
> Live555ProxyServer. I read somewhere there is some bug related to MSIE
> that closed the connection like this and the fix is to use TIMEOUTclose=0
> which I did but this did not help. This is the earlier (startup) portion of
> my log:
>
> 2018.07.05 05:30:45 LOG7[ui]: Clients allowed=500
> 2018.07.05 05:30:45 LOG5[ui]: stunnel 5.48 on x86_64-pc-linux-gnu platform
> 2018.07.05 05:30:45 LOG5[ui]: Compiled/running with OpenSSL 1.1.0g 2 Nov 2017
> 2018.07.05 05:30:45 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
> 2018.07.05 05:30:45 LOG7[ui]: errno: (*__errno_location ())
> 2018.07.05 05:30:45 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
> 2018.07.05 05:30:45 LOG5[ui]: UTF-8 byte order mark not detected
> 2018.07.05 05:30:45 LOG5[ui]: FIPS mode disabled
> 2018.07.05 05:30:45 LOG7[ui]: Compression disabled
> 2018.07.05 05:30:45 LOG7[ui]: No PRNG seeding was required
> 2018.07.05 05:30:45 LOG6[ui]: Initializing service [rtsp]
> 2018.07.05 05:30:45 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
> 2018.07.05 05:30:45 LOG7[ui]: TLS options: 0x02004004 (+0x00004000, -0x00000000)
> 2018.07.05 05:30:45 LOG6[ui]: Loading certificate from file: /etc/stunnel/stunnel.pem
> 2018.07.05 05:30:45 LOG6[ui]: Certificate loaded from file: /etc/stunnel/stunnel.pem
> 2018.07.05 05:30:45 LOG6[ui]: Loading private key from file: /etc/stunnel/stunnel.pem
> 2018.07.05 05:30:45 LOG4[ui]: Insecure file permissions on /etc/stunnel/stunnel.pem
> 2018.07.05 05:30:45 LOG6[ui]: Private key loaded from file: /etc/stunnel/stunnel.pem
> 2018.07.05 05:30:45 LOG7[ui]: Private key check succeeded
> 2018.07.05 05:30:45 LOG7[ui]: ECDH initialization
> 2018.07.05 05:30:45 LOG7[ui]: ECDH initialized with curve prime256v1
> 2018.07.05 05:30:45 LOG5[ui]: Configuration successful
> 2018.07.05 05:30:45 LOG7[ui]: Binding service [rtsp]
> 2018.07.05 05:30:45 LOG7[ui]: Listening file descriptor created (FD=7)
> 2018.07.05 05:30:45 LOG7[ui]: Setting accept socket options (FD=7)
> 2018.07.05 05:30:45 LOG7[ui]: Option SO_REUSEADDR set on accept socket
> 2018.07.05 05:30:45 LOG6[ui]: Service [rtsp] (FD=7) bound to 192.168.112.16:443
> 2018.07.05 05:30:45 LOG7[main]: No pid file being created
> 2018.07.05 05:30:45 LOG7[cron]: Cron thread initialized
> 2018.07.05 05:31:00 LOG7[main]: Found 1 ready file descriptor(s)
> 2018.07.05 05:31:00 LOG7[main]: FD=4 events=0x2001 revents=0x0
> 2018.07.05 05:31:00 LOG7[main]: FD=7 events=0x2001 revents=0x1
> 2018.07.05 05:31:00 LOG7[main]: Service [rtsp] accepted (FD=3) from 192.168.112.194:51692
> 2018.07.05 05:31:00 LOG7[0]: Service [rtsp] started
> 2018.07.05 05:31:00 LOG7[0]: Setting local socket options (FD=3)
> 2018.07.05 05:31:00 LOG7[0]: Option TCP_NODELAY set on local socket
> 2018.07.05 05:31:00 LOG5[0]: Service [rtsp] accepted connection from 192.168.112.194:51692
> 2018.07.05 05:31:00 LOG6[0]: Peer certificate not required
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): before SSL initialization
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): before SSL initialization
> 2018.07.05 05:31:00 LOG7[0]: SNI: no virtual services defined
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): SSLv3/TLS read client hello
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): SSLv3/TLS write server hello
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): SSLv3/TLS write certificate
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): SSLv3/TLS write key exchange
> 2018.07.05 05:31:00 LOG7[0]: TLS state (accept): SSLv3/TLS write server done
> 2018.07.05 05:31:00 LOG7[main]: Found 1 ready file descriptor(s)
> 2018.07.05 05:31:00 LOG7[main]: FD=4 events=0x2001 revents=0x0
> 2018.07.05 05:31:00 LOG7[main]: FD=7 events=0x2001 revents=0x1
> 2018.07.05 05:31:00 LOG7[main]: Service [rtsp] accepted (FD=9) from 192.168.112.197:43868
> (bottom part in my original email)
>
> -----Original Message-----
> From: Peter Pentchev [mailto:[email protected]]
> Sent: Thursday, July 05, 2018 7:18 AM
> To: Spies, Will <[email protected]>
> Cc: [email protected]
> Subject: [EXTERNAL] Re: [stunnel-users] Stunnel connection issue?
>
> On Thu, Jul 05, 2018 at 09:58:33AM +0000, Spies, Will wrote:
> > I've been trying to get Stunnel to work for some time now. I have
> > avoided using the mail list - but I see no recourse now. I think I've
> > tried just about every setting I could find. I appear to be getting a
> > connection issue - but as you will see the log just doesn't indicate
> > clearly what is going on. The behavior is my client is failing to get
> > a connection through Stunnel to my backend. The log appears to be
> > closing a socket (but can't tell which one frontend or backend).
>
> Actually the log says "TLS socket closed (SSL_read)", which means that the
> "read some bytes from the secure socket" operation said "there are no bytes
> to read, the other side closed the connection", meaning your client, the
> one that negotiates the TLS connection with stunnel, has closed the
> connection immediately after stunnel considered it negotiated.
> The next line in the log, "0 byte(s) sent to TLS, 0 byte(s) sent to
> socket", says that the client did indeed not even try to send any data over
> the established secure connection or receive any data from it, it just
> closed the connection immediately after stunnel thought they had formed a
> chummy relationship.
>
> Is there any way you could get your client program to log verbosely what
> it is trying to do over the secure connection? Are there any messages on
> that side?
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} [email protected]
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
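
A small triage script for the pattern described in Peter's quoted reply, added here as an example and not part of the original thread or of stunnel: it groups debug-level log lines by connection number and flags connections that the TLS peer closed with zero bytes moved in either direction. The sample log is constructed from the message formats quoted in the thread (the `Connection closed:` prefix and the 192.0.2.x addresses are assumptions), and `triage` and `classify` are hypothetical names.

```python
import re

# Match per-connection threads only ([0], [1], ...); [ui]/[main]/[cron] are skipped.
LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"Service \[(.+?)\] accepted connection from (\S+)")
STATE = re.compile(r"TLS state \(\w+\): (.+)")
BYTES = re.compile(r"(\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")

# Constructed sample, not taken from the thread; addresses are documentation IPs.
SAMPLE_LOG = """\
2018.07.05 05:31:00 LOG5[0]: Service [rtsp] accepted connection from 192.0.2.10:51692
2018.07.05 05:31:00 LOG6[0]: TLS socket closed (SSL_read)
2018.07.05 05:31:00 LOG5[0]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.07.05 05:31:02 LOG5[1]: Service [rtsp] accepted connection from 192.0.2.11:43868
2018.07.05 05:31:02 LOG7[1]: TLS state (accept): SSLv3/TLS write server done
2018.07.05 05:31:09 LOG5[2]: Connection closed: 812 byte(s) sent to TLS, 344 byte(s) sent to socket
"""

def classify(conn):
    if conn["bytes"] is None:
        return "open-or-truncated"  # no close line: still open, or the log was cut off
    if conn["bytes"] == (0, 0):     # nothing moved; did the TLS peer hang up first?
        return "peer-closed-no-data" if conn["peer_closed"] else "closed-no-data"
    return "data-transferred"

def triage(log_text):
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn = conns.setdefault(m.group(1), {"service": None, "peer": None,
                                "last_state": None, "peer_closed": False, "bytes": None})
        msg = m.group(2)
        if a := ACCEPTED.search(msg):
            conn["service"], conn["peer"] = a.groups()
        elif s := STATE.search(msg):
            conn["last_state"] = s.group(1)   # where the handshake last got to
        elif "TLS socket closed (SSL_read)" in msg:
            conn["peer_closed"] = True
        elif b := BYTES.search(msg):
            conn["bytes"] = (int(b.group(1)), int(b.group(2)))
    for conn in conns.values():
        conn["verdict"] = classify(conn)
    return conns

if __name__ == "__main__":
    for cid, conn in triage(SAMPLE_LOG).items():
        print(cid, conn["peer"], conn["last_state"], conn["verdict"])
```
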
