On Thu, May 12, 2022 at 12:24:15AM -0000, [email protected] wrote:
> Hi All,
> 
> I have recently configured stunnel on a Windows Server; it has been 
> configured using a certificate from our internal CA and appears to be 
> functioning OK. However, we have a load balancer that is doing a health check 
> against the service and is polling stunnel availability every 5 seconds. Each 
> time a poll occurs, I am seeing the error posted below in the logs.
> 
> 2022.05.12 10:22:55 LOG3[4113]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
> 2022.05.12 10:22:55 LOG5[4113]: Connection reset: 217 byte(s) sent to TLS, 49 byte(s) sent to socket
> 
> Can I please have some advice on how to stop this error?

If what your load balancer is doing is creating a connection, maybe
sending a couple of TLS packets, and then closing the connection without
the proper TLS shutdown notifications, then it is expected for stunnel
to log something like this: "somebody said they wanted to talk to me,
but then they just stopped without telling me they were going to stop;
please check to see if something went wrong on the other side,
this connection did not follow the established protocol".

You could try using e.g. tcpdump or Wireshark to capture the TCP packets
for a session from your load balancer to stunnel, see what packets are
sent and at which stage of the connection your load balancer decides to
break it off. In a perfect world, you would then be able to configure
your load balancer's behavior to send more packets, if it turns out that
it does indeed not send all the close notifications correctly.

BTW, just as an aside, take a look at something I wrote some time ago on
this list about "just connect and disconnect" service health checks:

  
https://www.stunnel.org/mailman3/hyperkitty/list/[email protected]/thread/GQ3U2LHNTJOHBWIG34SHUU5FGURON7BO/

...and look for "So, three points here" - the archive does not seem to
allow me to link directly to my reply.

Hope this helps!

G'luck,
Peter

-- 
Peter Pentchev  [email protected] [email protected] [email protected]
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
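
A way to check from the stunnel log alone whether the unexpected-EOF entries follow the health check's polling interval, as an added example that is not part of the original message or of stunnel. It assumes the log also carries the "accepted connection from" notice for each connection and that the bracketed ID ties together the lines of one connection; the sample lines, service name and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample (unwrapped stunnel log lines); service name, IDs and peers are made up.
SAMPLE = """\
2022.05.12 10:22:50 LOG5[4112]: Service [app] accepted connection from 192.0.2.10:50112
2022.05.12 10:22:50 LOG3[4112]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.05.12 10:22:55 LOG5[4113]: Service [app] accepted connection from 192.0.2.10:50120
2022.05.12 10:22:55 LOG3[4113]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.05.12 10:22:57 LOG5[4114]: Service [app] accepted connection from 198.51.100.7:41000
2022.05.12 10:22:57 LOG3[4114]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
2022.05.12 10:23:00 LOG5[4115]: Service [app] accepted connection from 192.0.2.10:50131
2022.05.12 10:23:00 LOG3[4115]: SSL_read: ssl/record/rec_layer_s3.c:308: error:0A000126:SSL routines::unexpected eof while reading
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\d+)\]: (.*)$")
PEER = re.compile(r"accepted connection from (\S+):\d+$")

def unclean_closes(log_text):
    """Return {peer_ip: [datetime, ...]} for connections that ended with an unexpected EOF."""
    peer_of, events = {}, defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or foreign lines are ignored
        ts, conn, msg = m.groups()
        p = PEER.search(msg)
        if p:
            peer_of[conn] = p.group(1)  # remember which peer owns this connection ID
        elif "unexpected eof while reading" in msg:
            when = datetime.strptime(ts, "%Y.%m.%d %H:%M:%S")
            events[peer_of.get(conn, "unknown")].append(when)
    return dict(events)

def periodic_peers(log_text, min_events=3, jitter=1.0):
    """Return {peer_ip: period_seconds} for peers whose unclean closes recur at a steady interval."""
    out = {}
    for peer, times in unclean_closes(log_text).items():
        if len(times) < min_events:
            continue  # too few events to call it a pattern
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        if mid > 0 and all(abs(g - mid) <= jitter for g in gaps):
            out[peer] = mid
    return out
```

A peer reported here with a period equal to the health check interval is the one worth capturing with tcpdump; unexpected-EOF entries from other peers deserve a separate look.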
