
https and stunnel



Good evening,

I'm struggling a bit with the stunnel4 configuration. I would like to create an https tunnel, since my web server does not implement it. Initially everything worked, but since an update, I cannot connect from outside. The error I get is the following:

2007.07.23 22:10:21 LOG7[9273:3083189168]: FD 8 in non-blocking mode
2007.07.23 22:10:21 LOG7[9273:3083189168]: FD 9 in non-blocking mode
2007.07.23 22:10:21 LOG7[9273:3083314880]: Cleaning up the signal pipe
2007.07.23 22:10:21 LOG6[9273:3083314880]: Child process 9276 finished with code 0
2007.07.23 22:10:21 LOG7[9273:3083189168]: Connection from 217.79.216.190:41560 permitted by libwrap
2007.07.23 22:10:21 LOG5[9273:3083189168]: https connected from 217.79.216.190:41560
2007.07.23 22:10:21 LOG7[9273:3083189168]: SSL state (accept): before/accept initialization
2007.07.23 22:10:21 LOG3[9273:3083189168]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2007.07.23 22:10:21 LOG5[9273:3083189168]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.07.23 22:10:21 LOG7[9273:3083189168]: https finished (0 left)

My configuration is the following:

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/mail.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[https]
accept  = 443
connect = 192.168.0.6:80

I'm out of ideas, so if any of you has one...

Jean-Philippe
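
An added example, not part of the original message: at debug = 7 the log interleaves lines from several connection threads, so this Python sketch groups entries by the thread id in LOGn[pid:thread] and reports the peer behind each SSL error. The line layout is inferred from the excerpt above, the name failed_handshakes is hypothetical, and the two 192.0.2.10 lines are constructed sample input.

```python
import re

# Layout inferred from the excerpt: "<date> <time> LOG<level>[<pid>:<thread>]: <message>"
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
PEER = re.compile(r"^(\S+) connected from (\S+):(\d+)$")
SSL_ERR = re.compile(r"^(SSL_\w+): \w+: error:([0-9A-F]+):([^:]*):([^:]*):(.*)$")

# Lines from the excerpt above, plus two constructed lines (192.0.2.10) for a
# second connection handled by another thread at the same time.
SAMPLE = """\
2007.07.23 22:10:21 LOG7[9273:3083189168]: Connection from 217.79.216.190:41560 permitted by libwrap
2007.07.23 22:10:21 LOG5[9273:3083189168]: https connected from 217.79.216.190:41560
2007.07.23 22:10:21 LOG5[9273:3083100000]: https connected from 192.0.2.10:50000
2007.07.23 22:10:21 LOG7[9273:3083189168]: SSL state (accept): before/accept initialization
2007.07.23 22:10:21 LOG3[9273:3083189168]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2007.07.23 22:10:21 LOG5[9273:3083100000]: Connection closed: 120 bytes sent to SSL, 80 bytes sent to socket
2007.07.23 22:10:21 LOG5[9273:3083189168]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""


def failed_handshakes(text):
    """Return one record per SSL error, joined to the peer served by that thread."""
    current = {}    # thread id -> connection that thread is currently serving
    failures = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a stunnel log entry
        when, _level, _pid, tid, msg = m.groups()
        peer = PEER.match(msg)
        err = SSL_ERR.match(msg)
        if peer:
            # A thread id can be reused, so each "connected from" starts a new record.
            current[tid] = {"service": peer.group(1), "peer": peer.group(2),
                            "port": int(peer.group(3))}
        elif err:
            failures.append(dict(current.get(tid, {}), when=when, call=err.group(1),
                                 code=err.group(2), function=err.group(4),
                                 reason=err.group(5)))
    return failures


if __name__ == "__main__":
    for failure in failed_handshakes(SAMPLE):
        print(failure)
```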


