Skip to main content

Sample Hubject Stunnel configuration

Christian Hahn
  • Updated

The following Stunnel configuration has been successfully used for the connection:

;creates a file where the process id is stored

pid=/path/to/stunnel4.pem

;sets debug level and log file

debug=7

output=/path/to/stunnel.log

client = yes

;path for trusted certificates

CApath=/path/to/trusted/certificates

session = 3600

ciphers = ALL:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH

sslVersion = SSLv3

socket=r:SO_KEEPALIVE=1

socket=l:SO_KEEPALIVE=1

 

[hubject]
accept=44444
connect=service-qa.hubject.com:443
TIMEOUTclose=10
TIMEOUTbusy=20
TIMEOUTidle=1200
cert=/path/to/sevbs-webp-hu.evbs.wor.net.crt
key=/path/to/sevbs-webp-hu.evbs.wor.net.key

verify=0

The log for the SSL handshake looks as follows:

2013.11.27 12:40:24 LOG7[2600:140675082946496]: hubject accepted FD=15 from 127.0.0.1:46547

2013.11.27 12:40:24 LOG7[2600:140675082942208]: hubject started 2013.11.27 12:40:24 LOG7[2600:140675082942208]: FD 15 in non-blocking mode

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SO_KEEPALIVE option set on local socket

2013.11.27 12:40:24 LOG7[2600:140675082942208]: Waiting for a libwrap process

2013.11.27 12:40:24 LOG7[2600:140675082942208]: Acquired libwrap process #0

2013.11.27 12:40:24 LOG7[2600:140675082942208]: Releasing libwrap process #0 2013.11.27 12:40:24 LOG7[2600:140675082942208]: Released libwrap process #0

2013.11.27 12:40:24 LOG7[2600:140675082942208]: hubject permitted by libwrap from 127.0.0.1:46547

2013.11.27 12:40:24 LOG5[2600:140675082942208]: hubject accepted connection from 127.0.0.1:46547

 

 

2013.11.27 12:40:24 LOG7[2600:140675082942208]: FD 16 in non-blocking mode

2013.11.27 12:40:24 LOG6[2600:140675082942208]: connect_blocking: connecting 217.110.178.170:443

2013.11.27 12:40:24 LOG7[2600:140675082942208]: connect_blocking: s_poll_wait 217.110.178.170:443: waiting 10 seconds

2013.11.27 12:40:24 LOG5[2600:140675082942208]: connect_blocking: connected 217.110.178.170:443

2013.11.27 12:40:24 LOG5[2600:140675082942208]: hubject connected remote server from xxxxxx:39376

2013.11.27 12:40:24 LOG7[2600:140675082942208]: Remote FD=16 initialized 2013.11.27 12:40:24 LOG7[2600:140675082942208]: SO_KEEPALIVE option set on remote socket

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): before/connect initialization

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 write client hello A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 read server hello A 2013.11.27 12:40:24 LOG6[2600:140675082942208]: VERIFY IGNORE: depth=1, /C=DE/O=Hubject GmbH/CN=Hubject CA

2013.11.27 12:40:24 LOG5[2600:140675082942208]: CRL: verification passed 2013.11.27 12:40:24 LOG5[2600:140675082942208]: VERIFY OK: depth=1, /C=DE/O=Hubject GmbH/CN=Hubject CA

2013.11.27 12:40:24 LOG6[2600:140675082942208]: VERIFY IGNORE: depth=1, /C=DE/O=Hubject GmbH/CN=Hubject CA

2013.11.27 12:40:24 LOG5[2600:140675082942208]: CRL: verification passed

2013.11.27 12:40:24 LOG5[2600:140675082942208]: VERIFY OK: depth=1, /C=DE/O=Hubject GmbH/CN=Hubject CA

2013.11.27 12:40:24 LOG6[2600:140675082942208]: VERIFY IGNORE: depth=0, /C=DE/ST=Berlin/L=Berlin/O=Hubject GmbH/CN=service-qa.hubject.com

2013.11.27 12:40:24 LOG5[2600:140675082942208]: CRL: verification passed 2013.11.27 12:40:24 LOG5[2600:140675082942208]: VERIFY OK: depth=0, /C=DE/ST=Berlin/L=Berlin/O=Hubject GmbH/CN=service-qa.hubject.com

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 read server certificate A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 read server certificate request A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 read server done A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 write client certificate A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 write client key exchange A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 write certificate verify A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 write change cipher spec A

 

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 write finished A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 flush data

2013.11.27 12:40:24 LOG7[2600:140675082942208]: SSL state (connect): SSLv3 read finished A

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 1 items in the session cache

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 1 client connects (SSL_connect())

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 1 client connects that finished

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 client renegotiations requested

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 server connects (SSL_accept())

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 server connects that finished 2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 server renegotiations requested

2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 session cache hits 2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 external session cache hits 2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 session cache misses 2013.11.27 12:40:24 LOG7[2600:140675082942208]: 0 session cache timeouts

2013.11.27 12:40:24 LOG6[2600:140675082942208]: SSL connected: new session negotiated

2013.11.27 12:40:24 LOG6[2600:140675082942208]: Negotiated ciphers: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

Related articles