[stunnel-users] STunnel Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to socket


Vivek Gupta

Oct 6, 2014, 6:13:15 AM
Hi

I am using sTunnel for communication between my TCP client and a remote
SERVER but I am getting error as always-

Signal pipe is empty
Service [LMAX-fix-tunnel-DEMO-MktData] accepted (FD=348) from 127.0.0.1:55919
2014.10.06 :34:56 LOG7[4220]: Creating a new thread
New thread created
Service [LMAX-fix-tunnel-DEMO-MktData] started
Service [LMAX-fix-tunnel-DEMO-MktData] accepted connection from
127.0.0.1:55919
s_connect: connecting 91.215.165.69:443
s_connect: s_poll_wait 91.215.165.69:443: waiting 10 seconds
s_connect: connected 91.215.165.69:443
Service [LMAX-fix-tunnel-DEMO-MktData] connected remote server from
192.168.1.5:55920
Remote socket (FD=352) initialized
SNI: sending servername: fix-md-ate.lmaxtrader.com
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL state (connect): SSLv3 read finished A
1 items in the session cache
1 client connects (SSL_connect())
1 client connects that finished
0 client renegotiations requested
0 server connects (SSL_accept())
0 server connects that finished
0 server renegotiations requested
0 session cache hits
0 external session cache hits
0 session cache misses
0 session cache timeouts
Peer certificate was cached (3944 bytes)
SSL connected: new session negotiated
Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit encryption)
Compression: null, expansion: null
SSL_read returned WANT_READ: retrying
SSL socket closed (SSL_read)
Sent socket write shutdown
Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to socket
Remote socket (FD=352) closed
Local socket (FD=348) closed
Service [LMAX-fix-tunnel-DEMO-MktData] finished (0 left)

Please suggest.

Michal Trojnara

Oct 6, 2014, 7:47:38 AM
Hi Vivek,

I tried connecting fix-md-ate.lmaxtrader.com:443 with s_client:
$ openssl s_client -connect fix-md-ate.lmaxtrader.com:443 -tls1

The service behaves the same way as with stunnel: it negotiates TLS,
and then disconnects the TCP session without sending any data. I
cannot see any stunnel error here.

Another example:
$ curl -1 https://fix-md-ate.lmaxtrader.com
curl: (52) Empty reply from server

Mike

Vivek Gupta

Oct 6, 2014, 8:33:07 AM
Hi Michal

Problem is stunnel is receiving the data from Client but this data is not
being forwarded to server and then connection is closed. I am stuck in
that.

My config options are as follows:

fips = yes
cert = stunnel.pem
key = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
accept = 127.0.0.1:40003
connect = fix-md-ate.lmaxtrader.com:443

Thanks & Regards
Vivek Gupta
9971514343

Graham Nayler (work)

Oct 6, 2014, 10:51:51 AM
Vivek,

"Problem is stunnel is receiving the data from Client but this data is not
being forwarded to server"
No it is not. From the evidence provided by you: (Connection closed: 150
byte(s) sent to SSL, 0 byte(s) sent to socket) the message has been passed
on to the server, but it has responded by shutting down the link without
returning any data. This is what was confirmed by Michal in his tests using
"openssl s_client...." and "curl ....". I've also just tried accessing that
server from a browser and got "No data received".

Now it's possible/likely that neither Michal nor myself have sent the server
anything that would return valid data, so there is other information you
need to provide.
What are you sending to the server and what return do you expect? You need
to post that (obviously something not commercially sensitive).
Do you have an application that IS receiving data from that server not using
stunnel?
I see that trade.lmaxtrader.com responds with a login screen. Is the
fix-md-ate url only available after some kind of login? Or do you need to
provide it with a specific certificate to get an authorized response?

(The next two are highly unlikely, if this is part of LMAX which appears to
be a sizeable organisation)
Do you have any control over how that server is implemented?
If the server is securing its end of the conversation with Stunnel, it's
possible that there is a bug there: Stunnel 5.xx prior to 5.05 had a race
condition bug whereby it may close the connection without returning data.
That has now been fixed in 5.05...but it may be worth checking.

The problem is most likely something wrong with what you (and we) are
sending, or you need to contact the owner of the server site. (I only looked
at your problem because it has the same symptoms I had with the server-side
bug, but it's not likely that this is your problem)

Graham
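
The reading of the closing log line given in the reply above, as an added example that is not part of the original thread and is not stunnel's own code: a small parser that turns the "Connection closed" counters into a verdict. It assumes the log format shown in this thread; the function names and verdict strings are hypothetical.

```python
import re

# Constructed sample: four lines copied from the log posted in this thread.
SAMPLE_LOG = """\
Service [LMAX-fix-tunnel-DEMO-MktData] accepted connection from 127.0.0.1:55919
SSL connected: new session negotiated
Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit encryption)
Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

SERVICE = re.compile(r"Service \[([^\]]+)\] accepted connection from (\S+)")
CIPHER = re.compile(r"Negotiated \S+ ciphersuite:? (\S+)")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to SSL, "
                    r"(\d+) byte\(s\) sent to socket")


def classify(handshake_ok, to_ssl, to_socket):
    """Verdict for one connection. With client = yes, 'sent to SSL' counts
    bytes written toward the TLS server and 'sent to socket' counts bytes
    written back to the local plaintext client."""
    if not handshake_ok:
        return "tls-handshake-not-completed"
    if to_ssl == 0:
        return "nothing-forwarded-to-tls-side"
    if to_socket == 0:
        return "forwarded-but-peer-closed-without-reply"
    return "data-exchanged"


def diagnose(log_text):
    """Return one record per 'Connection closed' line in a stunnel log."""
    records, cur = [], {}
    for line in log_text.splitlines():
        if m := SERVICE.search(line):
            cur = {"service": m.group(1), "client": m.group(2),
                   "handshake_ok": False, "cipher": None}
        elif "SSL connected" in line:
            cur["handshake_ok"] = True
        elif m := CIPHER.search(line):
            cur["cipher"] = m.group(1)
        elif m := CLOSED.search(line):
            cur["to_ssl"], cur["to_socket"] = int(m.group(1)), int(m.group(2))
            cur["verdict"] = classify(cur.get("handshake_ok", False),
                                      cur["to_ssl"], cur["to_socket"])
            records.append(cur)
            cur = {}
    return records


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The parser tracks one connection at a time; a log with interleaved connections would need the records keyed by the thread id in the `LOG7[...]` prefix.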

Vivek Gupta

Oct 7, 2014, 1:17:10 AM
Hi

Server's response of closing the connection is solved by mentioning CAfile
= C:\Program Files (x86)\stunnel\peer-LMAX-fix-tunnel-DEMO-MktData.pem in
conf file but now I am getting "CERT: Verification error: unable to get
local issuer certificate" error.

Please suggest how to solve it.

Thanks&Regards
Vivek Gupta
9971514343

chris...@otcxn.com

Sep 3, 2018, 11:22:50 AM
Hi Vivek,

Did you fix this? Also having same issue here with LMAX md demo.