
Have worked on this all day without any glimmer of hope and would appreciate help and feedback!

Regards,
KAM

# Description of your problem. What programs are on which machines, and how are they attempting to communicate. What connections are you attempting to secure in SSL.

I am having problems with the regeneration of stunnel on an old but fairly reliable machine. I am switching from v3 to v4 and it works absolutely perfectly ONCE. The second time it just hangs.

# What version of Stunnel you're using - remember, Stunnel 4.x doesn't take Stunnel 3.x command line options!

4.x

# The list of parameters you are using for stunnel, and if you are running it standalone or from inetd/xinetd.

I am running it in standalone. My conf file is:

cert = /usr/local/ssl/certs/stunnel.pem
key = /usr/local/ssl/certs/stunnel.pem
chroot = /usr/local/var/stunnel/
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = stunnel.log

[ssmtp]
accept = 465
connect = 10.10.10.30:25

# Output of "stunnel -f -D 7 <your-parameters>".

Not sure this works on v4.X but here are the logs from the connection:

2005.11.18 19:17:56 LOG7[13166:1024]: ssmtp accepted FD=7 from 66.149.103.32:3542
2005.11.18 19:17:56 LOG7[13171:1026]: ssmtp started
2005.11.18 19:17:56 LOG7[13171:1026]: FD 7 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: TCP_NODELAY option set on local socket
2005.11.18 19:17:56 LOG7[13171:1026]: FD 10 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: FD 11 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: Connection from 66.149.103.32:3542 permitted by libwrap
2005.11.18 19:17:56 LOG5[13171:1026]: ssmtp connected from 66.149.103.32:3542
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): before/accept initialization
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read client hello A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write server hello A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write certificate A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write server done A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 flush data
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read client key exchange A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 read finished A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write change cipher spec A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 write finished A
2005.11.18 19:17:56 LOG7[13171:1026]: SSL state (accept): SSLv3 flush data
2005.11.18 19:17:56 LOG7[13171:1026]: 1 items in the session cache
2005.11.18 19:17:56 LOG7[13171:1026]: 0 client connects (SSL_connect())
2005.11.18 19:17:56 LOG7[13171:1026]: 0 client connects that finished
2005.11.18 19:17:56 LOG7[13171:1026]: 0 client renegotiatations requested
2005.11.18 19:17:56 LOG7[13171:1026]: 1 server connects (SSL_accept())
2005.11.18 19:17:56 LOG7[13171:1026]: 1 server connects that finished
2005.11.18 19:17:56 LOG7[13171:1026]: 0 server renegotiatiations requested
2005.11.18 19:17:56 LOG7[13171:1026]: 0 session cache hits
2005.11.18 19:17:56 LOG7[13171:1026]: 1 session cache misses
2005.11.18 19:17:56 LOG7[13171:1026]: 0 session cache timeouts
2005.11.18 19:17:56 LOG6[13171:1026]: SSL accepted: new session negotiated
2005.11.18 19:17:56 LOG6[13171:1026]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.11.18 19:17:56 LOG7[13171:1026]: FD 10 in non-blocking mode
2005.11.18 19:17:56 LOG7[13171:1026]: ssmtp connecting 10.10.10.30:25
2005.11.18 19:17:56 LOG7[13171:1026]: connect_wait: waiting 10 seconds
2005.11.18 19:17:56 LOG7[13171:1026]: connect_wait: connected
2005.11.18 19:17:56 LOG7[13171:1026]: Remote FD=10 initialized
2005.11.18 19:17:56 LOG7[13171:1026]: TCP_NODELAY option set on remote socket
2005.11.18 19:17:58 LOG7[13171:1026]: Socket closed on read
2005.11.18 19:17:58 LOG7[13171:1026]: SSL write shutdown
2005.11.18 19:17:58 LOG7[13171:1026]: SSL alert (write): warning: close notify
2005.11.18 19:17:58 LOG7[13171:1026]: SSL_shutdown retrying
2005.11.18 19:17:58 LOG7[13171:1026]: SSL doesn't need to read or write
2005.11.18 19:17:58 LOG7[13171:1026]: SSL socket closed on SSL_read
2005.11.18 19:17:58 LOG7[13171:1026]: Socket write shutdown
2005.11.18 19:17:58 LOG5[13171:1026]: Connection closed: 827 bytes sent to SSL, 1362 bytes sent to socket
2005.11.18 19:17:58 LOG7[13171:1026]: ssmtp finished (-1 left)

There is nothing more after this point.

# Output of "stunnel -V".

I think you want -version:

/usr/local/sbin/stunnel -version
stunnel 4.14 on i686-pc-linux-gnu PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds

# Output of "uname -a".

Linux <removed> 2.2.26 #8 Fri Jul 16 00:42:34 EDT 2004 i686 unknown

# Your libc version if you use Linux.

2.2.5

# Output of "gcc -v".

Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)

# Output of "openssl version" or "ssleay version" depending on your library.

OpenSSL 0.9.7e 25 Oct 2004