Subject: Stunnel hangs on big flows of data - msg#00050

Previous Message by Date: click to view message preview

Fwd: Stunnel client not sending data

I forgot to send this to the entire group. My server program was listening on the wrong port. :-) Thanks, - Jeremiah ---------- Forwarded message ---------- From: Jeremiah Martell <inlovewithgod@xxxxxxxxx> Date: Oct 25, 2006 8:59 AM Subject: Re: [stunnel-users] Stunnel client not sending data To: Carter Browne <cbrowne@xxxxxxxxxxxx> HA! Such a simple thing, but yes, that was the problem. I had the wrong port. :-) Thanks, - Jeremiah On 10/25/06, Carter Browne <cbrowne@xxxxxxxxxxxx> wrote: Jeremiah, I set the debug level on a stunnel configuration to 7 to understand better where you are failing. You have established good connection to stunnel, but stunnel cannot get to 127.0.0.1:10000. So is your application listening on 127.0.0.1:10000? Have you tried running netstat -an to establish that there is a process listening to the port? Carter Jeremiah Martell wrote: > Carter, > > You're right. That was a typo error on my part. My config says 1.2.3.70. > > Anything other ideas? > > Thanks, > - Jeremiah > > On 10/25/06, Carter Browne <cbrowne@xxxxxxxxxxxx> wrote: >> On the server side, I think you should be receiving on 1.2.3.70 (since >> that is where you are sending the data). >> >> Carter >> >> Jeremiah Martell wrote: >> > Hello, >> > >> > I have a program that opens up a connection to port 10000 of a server >> > and sends it some data. It works normally. I'm trying to "stunnel" >> > both ends. >> > >> > In my program I create a socket, connect to local port 7033, send my >> > data, and close the socket. I verified that every function call >> > returns success (socket, setsockopt (for TCP_NODELAY), gethostbyname, >> > connect, and send). >> > >> >> From what the logs show below, it seems that server stunnel gets the >> > connection from the client stunnel, they successfully negotiate the >> > SSL stuff, then the client stunnel waits for any data to proxy to the >> > server stunnel. The server stunnel is waiting too, and after 10 >> > seconds of no data, it closes the socket. >> > >> > For some reason the client stunnel is not getting my data and >> > therefore doesn't forward anything over to the server stunnel. I'm not >> > sure why this is happening, because my program works normally and I've >> > verified that everything returned success. >> > >> > Any ideas? >> > >> > - Jeremiah >> > >> > ----------------------------- >> > >> > ON CLIENT (1.2.3.60) >> > >> > Linux >> > stunnel 4.16 >> > OpenSSL 0.9.7c >> > >> > stunnel.conf is... >> > pid = >> > client = yes >> > >> > [7033] >> > accept = 127.0.0.1:7033 >> > connect = 1.2.3.70:7033 >> > >> > ----------------------------- >> > >> > ON SERVER (1.2.3.70) >> > >> > Windows >> > stunnel 4.16 windows binary installer (Aug 31 2006) >> > >> > stunnel.conf is... >> > >> > cert = stunnel.pem >> > socket = l:TCP_NODELAY=1 >> > socket = r:TCP_NODELAY=1 >> > debug = 7 >> > >> > [7033] >> > accept = 1.2.3.60:7033 >> > connect = 127.0.0.1:10000 >> > >> > ----------------------------- >> > >> > On client I see this debug... >> > >> > Oct 24 14:38:22 stunnel: LOG5[2892:258]: 7033 connected from >> > 127.0.0.1:10251 >> > Oct 24 14:38:32 stunnel: LOG3[2892:258]: SSL_read: Connection reset by >> > peer (104) >> > Oct 24 14:38:32 stunnel: LOG5[2892:258]: Connection reset: 56 bytes >> > sent to SSL, 0 bytes send to socket >> > >> > ----------------------------- >> > >> > On server I see this debug... >> > >> > 2006.10.24 14:43:08 LOG7[2596:4068]: 7033 accepted FD=196 from >> > 1.2.3.60:10252 >> > 2006.10.24 14:43:08 LOG7[2596:4068]: Creating a new thread >> > 2006.10.24 14:43:09 LOG7[2596:4068]: New thread created >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 7033 started >> > 2006.10.24 14:43:09 LOG7[2596:2372]: FD 196 in non-blocking mode >> > 2006.10.24 14:43:09 LOG7[2596:2372]: TCP_NODELAY option set on local >> socket >> > 2006.10.24 14:43:09 LOG5[2596:2372]: 7033 connected from 1.2.3.60:10252 >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): before/accept >> > initialization >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 read >> > client hello A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write >> > server hello A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write >> > certificate A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write >> > server done A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 flush >> data >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 read >> > client key exchange A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 read >> > finished A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write >> > change cipher spec A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write >> > finished A >> > 2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 flush >> data >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 3 items in the session cache >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 0 client connects >> (SSL_connect()) >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 0 client connects that finished >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 0 client renegotiations >> requested >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 5 server connects >> (SSL_accept()) >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 5 server connects that finished >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 0 server renegotiations >> requested >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 1 session cache hits >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 1 session cache misses >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 1 session cache timeouts >> > 2006.10.24 14:43:09 LOG6[2596:2372]: SSL accepted: new session >> negotiated >> > 2006.10.24 14:43:09 LOG6[2596:2372]: Negotiated ciphers: AES256-SHA >> > SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 >> > 2006.10.24 14:43:09 LOG7[2596:2372]: FD 180 in non-blocking mode >> > 2006.10.24 14:43:09 LOG7[2596:2372]: 7033 connecting 127.0.0.1:10000 >> > 2006.10.24 14:43:09 LOG7[2596:2372]: connect_wait: waiting 10 seconds >> > 2006.10.24 14:43:19 LOG6[2596:2372]: connect_wait: s_poll_wait timeout >> > 2006.10.24 14:43:19 LOG5[2596:2372]: Connection reset: 0 bytes sent to >> > SSL, 0 bytes sent to socket >> > 2006.10.24 14:43:19 LOG7[2596:2372]: 7033 finished (0 left) >> > _______________________________________________ >> > stunnel-users mailing list >> > stunnel-users@xxxxxxxx >> > http://stunnel.mirt.net/mailman/listinfo/stunnel-users >> > >> >> >> > _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users

Next Message by Date: click to view message preview

Re: Stunnel hangs on big flows of data

On Thursday 26 October 2006 17:54, Dario Mariani wrote: > I'm deploying stunnel on some servers. > I did some tests, and i never had problems. > For example, i tried 5k parallel connections, > and i didn't have any problem. Thank you for the information. What is your platform (hardware, operating system)? > 2006.10.20 16:00:58 LOG7[20302:75]: SSL_read returned WANT_READ: > retrying [cut] > It did complete correctly within a pair of minutes on an ibook 64 > 1.33 1g ram, but with LOADS of want_read and want_write errors on > both sides of stunnel. They're not errors! They're debug (LOG7) messages. The message does not indicate anything wrong by itself. Debugging should be only enabled when you're trying to diagnose a problem - not in a production system. > Can you help me? What is the problem (besides those debug messages)? How can I reproduce the hang mentioned int the subject? Best regards, Mike pgp7pDr6sY03D.pgp Description: PGP signature _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users

Previous Message by Thread: click to view message preview

setting up HTTPS service?

Complete newbie here, so please bear with me. I want to set up HTTPS service on a Mac OS X (10.4.7) machine running a custom web server. I imagine that Stunnel could be made to listen on the standard HTTPS port (443), do the encryption/decryption, and pass the resulting data to/from the HTTP port (80, or a custom port I specify). This is probably very easy, but none of the documentation or examples I found covered this. Has anyone done this? Or if not, can you sketch out how I would go about it? Any gotchas or caveats I should be aware of? Many thanks, - Joe _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users

Next Message by Thread: click to view message preview

Re: Stunnel hangs on big flows of data

On Thursday 26 October 2006 17:54, Dario Mariani wrote: > I'm deploying stunnel on some servers. > I did some tests, and i never had problems. > For example, i tried 5k parallel connections, > and i didn't have any problem. Thank you for the information. What is your platform (hardware, operating system)? > 2006.10.20 16:00:58 LOG7[20302:75]: SSL_read returned WANT_READ: > retrying [cut] > It did complete correctly within a pair of minutes on an ibook 64 > 1.33 1g ram, but with LOADS of want_read and want_write errors on > both sides of stunnel. They're not errors! They're debug (LOG7) messages. The message does not indicate anything wrong by itself. Debugging should be only enabled when you're trying to diagnose a problem - not in a production system. > Can you help me? What is the problem (besides those debug messages)? How can I reproduce the hang mentioned int the subject? Best regards, Mike pgp7pDr6sY03D.pgp Description: PGP signature _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users