[prev in list] [next in list] [prev in thread] [next in thread]
List: stunnel-users
Subject: [stunnel-users] TLS alert (write): fatal: decode error (pop3 to office365)
From: m.strunk () mulderconnect ! nl
Date: 2022-07-26 12:46:54
Message-ID: 165883961430.2031.4720185431303789903 () stunnel ! org
[Download RAW message or body]
We now use stunnel as a solution for a pop3 import for Office365. It just stopped \
working since Wednesday. we have done a new installation on this, only now we run \
into these problems that it no longer wants to connect.
Below you will find our debug list and config list.
Do any of you have a solution to this problem?
Debug:
2022.07.26 14:34:37 LOG6[service]: Service [POP3 Incoming] (FD=876) bound to \
0.0.0.0:110 2022.07.26 14:34:37 LOG6[service]: Service [SMTP Outgoing] (FD=840) bound \
to 0.0.0.0:25 2022.07.26 14:34:54 LOG5[21]: Service [POP3 Incoming] accepted \
connection from 192.168.110.11:60494 2022.07.26 14:34:54 LOG6[21]: Peer certificate \
not required 2022.07.26 14:35:24 LOG3[21]: SSL_accept: ssl/record/rec_layer_s3.c:308: \
error:0A000126:SSL routines::unexpected eof while reading 2022.07.26 14:35:24 \
LOG5[21]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket \
2022.07.26 14:35:24 LOG4[21]: Possible memory leak at crypto/asn1/asn1_lib.c:308: \
87315 allocations 2022.07.26 14:35:24 LOG4[21]: Possible memory leak at \
crypto/asn1/tasn_new.c:136: 77533 allocations 2022.07.26 14:35:24 LOG4[21]: Possible \
memory leak at crypto/asn1/asn1_lib.c:350: 70711 allocations 2022.07.26 14:37:21 \
LOG6[service]: Initializing inetd mode configuration 2022.07.26 14:37:21 \
LOG5[service]: Reading configuration from file C:\Program Files \
(x86)\stunnel\config\stunnel.conf 2022.07.26 14:37:21 LOG5[service]: UTF-8 byte order \
mark detected 2022.07.26 14:37:21 LOG5[service]: FIPS mode disabled
2022.07.26 14:37:21 LOG6[service]: Compression enabled: 0 methods
2022.07.26 14:37:21 LOG6[service]: Initializing service [POP3 Incoming]
2022.07.26 14:37:21 LOG6[service]: User-specified security level set: 0
2022.07.26 14:37:21 LOG6[service]: Session resumption enabled
2022.07.26 14:37:21 LOG6[service]: Loading certificate from file: stunnel.pem
2022.07.26 14:37:21 LOG6[service]: Certificate loaded from file: stunnel.pem
2022.07.26 14:37:21 LOG6[service]: Loading private key from file: stunnel.pem
2022.07.26 14:37:21 LOG6[service]: Private key loaded from file: stunnel.pem
2022.07.26 14:37:21 LOG6[service]: Client CA: C=BE, O=GlobalSign nv-sa, OU=Root CA, \
CN=GlobalSign Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign \
Root CA - R2, O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client \
CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. \
- For authorized use only", CN=VeriSign Class 3 Public Primary Certification \
Authority - G3 2022.07.26 14:37:21 LOG6[service]: Client CA: O=Entrust.net, \
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net \
Limited, CN=Entrust.net Certification Authority (2048) 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust \
Root 2022.07.26 14:37:21 LOG6[service]: Client CA: C=SE, O=AddTrust AB, OU=AddTrust \
External TTP Network, CN=AddTrust External CA Root 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by \
reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., CN=GeoTrust \
Global CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., \
CN=GeoTrust Universal CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, \
O=GeoTrust Inc., CN=GeoTrust Universal CA 2 2022.07.26 14:37:21 LOG6[service]: Client \
CA: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, O=Unizeto Sp. z o.o., CN=Certum \
CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, ST=Greater Manchester, \
L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, \
CN=QuoVadis Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client \
CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=JP, O=SECOM Trust.net, OU=Security Communication \
RootCA1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FI, O=Sonera, CN=Sonera \
Class2 CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=EU, O=AC Camerfirma SA CIF \
A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=EU, O=AC Camerfirma SA CIF A82743287, \
OU=http://www.chambersign.org, CN=Global Chambersign Root 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services \
Inc, CN=XRamp Global Certification Authority 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification \
Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="Starfield \
Technologies, Inc.", OU=Starfield Class 2 Certification Authority 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate \
Signing, CN=StartCom Certification Authority 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=TW, O=Government Root Certification Authority 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert \
Assured ID Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert \
Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High \
Assurance EV Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certplus, \
CN=Class 2 Primary CA 2022.07.26 14:37:21 LOG6[service]: Client CA: O=Digital \
Signature Trust Co., CN=DST Root CA X3 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=GeoTrust Inc., CN=GeoTrust \
Primary Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, \
O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte, Inc. - For \
authorized use only", CN=thawte Primary Root CA 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 \
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary \
Certification Authority - G5 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, \
O=SecureTrust Corporation, CN=SecureTrust CA 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=US, O=SecureTrust Corporation, CN=Secure Global CA 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA \
Limited, CN=COMODO Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client \
CA: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, ST=Greater Manchester, L=Salford, \
O=COMODO CA Limited, CN=COMODO ECC Certification Authority 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security \
Communication EV RootCA1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CH, \
O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey \
Global Root GA CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Dhimyotis, \
CN=Certigna 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=Deutsche Telekom \
AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: O="Cybertrust, Inc", CN=Cybertrust Global Root 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root \
Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=RO, \
O=certSIGN, OU=certSIGN ROOT CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, \
O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust \
Primary Certification Authority - G3 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=US, O="thawte, Inc.", OU="(c) 2007 thawte, Inc. - For authorized use only", \
CN=thawte Primary Root CA - G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, \
O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2008 thawte, Inc. - For \
authorized use only", CN=thawte Primary Root CA - G3 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For \
authorized use only, CN=GeoTrust Primary Certification Authority - G2 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=US, O="VeriSign, Inc.", OU=VeriSign Trust \
Network, OU="(c) 2008 VeriSign, Inc. - For authorized use only", CN=VeriSign \
Universal Root Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2007 VeriSign, Inc. - \
For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority \
- G4 2022.07.26 14:37:21 LOG6[service]: Client CA: C=HU, L=Budapest, O=NetLock Kft., \
OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) \
Főtanúsítvány 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NL, O=Staat der \
Nederlanden, CN=Staat der Nederlanden Root CA - G2 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign \
RootCA11 2022.07.26 14:37:21 LOG6[service]: Client CA: CN=ACEDICOM Root, OU=PKI, \
O=EDICOM, C=ES 2022.07.26 14:37:21 LOG6[service]: Client CA: C=HU, L=Budapest, \
O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, emailAddress=info@e-szigno.hu \
2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign Root CA - R3, \
O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: C=ES, \
CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=ES, O=IZENPE S.A., CN=Izenpe.com 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=EU, L=Madrid (see current address at \
www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., \
CN=Chambers of Commerce Root - 2008 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=EU, L=Madrid (see current address at www.camerfirma.com/address), \
serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=Arizona, L=Scottsdale, \
O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield \
Technologies, Inc.", CN=Starfield Root Certificate Authority - G2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, \
Inc.", CN=Starfield Services Root Certificate Authority - G2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust Commercial 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust Networking \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, CN=AffirmTrust \
Premium 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=AffirmTrust, \
CN=AffirmTrust Premium ECC 2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, \
O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted \
Network CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certinomis, OU=0002 \
433998903, CN=Certinomis - Autorité Racine 2022.07.26 14:37:21 LOG6[service]: Client \
CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", \
OU=Security Communication RootCA2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=ES, \
O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de \
Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats \
de Certificacio Catalanes, CN=EC-ACC 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic \
Academic and Research Institutions RootCA 2011 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication \
Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GB, O=Trustis Limited, \
OU=Trustis FPS Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=IL, O=StartCom \
Ltd., CN=StartCom Certification Authority G2 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 \
Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=T-Systems Enterprise \
Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=EE, O=AS Sertifitseerimiskeskus, CN=EE \
Certification Centre Root CA, emailAddress=pki@sk.ee 2022.07.26 14:37:21 \
LOG6[service]: Client CA: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, \
C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri \
A.Ş. (c) Aralık 2007 2022.07.26 14:37:21 LOG6[service]: Client CA: C=DE, O=D-Trust \
GmbH, CN=D-TRUST Root Class 3 CA 2 2009 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 2022.07.26 14:37:21 \
LOG6[service]: Client CA: emailAddress=contacto@procert.net.ve, L=Chacao, ST=Miranda, \
OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion \
Electronica, C=VE, CN=PSCProcert 2022.07.26 14:37:21 LOG6[service]: Client CA: C=SK, \
L=Bratislava, O=Disig a.s., CN=CA Disig Root R1 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA \
2022.07.26 14:37:21 LOG6[service]: Client CA: O=TeliaSonera, CN=TeliaSonera Root CA \
v1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=TR, L=Ankara, O=E-Tuğra EBG \
Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, \
CN=E-Tugra Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec \
GlobalRoot Class 2 2022.07.26 14:37:21 LOG6[service]: Client CA: CN=Atos TrustedRoot \
2011, O=Atos, C=DE 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, O=QuoVadis \
Limited, CN=QuoVadis Root CA 1 G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=BM, \
O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert \
Assured ID Root G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert \
Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert \
Global Root G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=DigiCert Inc, \
OU=www.digicert.com, CN=DigiCert Global Root G3 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, O=WoSign CA Limited, \
CN=Certification Authority of WoSign 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=CN, O=WoSign CA Limited, CN=CA 沃通 证书 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA \
Certification Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=New \
Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification \
Authority 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, ST=New Jersey, L=Jersey \
City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority 2022.07.26 \
14:37:21 LOG6[service]: Client CA: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, \
CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: OU=GlobalSign ECC Root CA \
- R5, O=GlobalSign, CN=GlobalSign 2022.07.26 14:37:21 LOG6[service]: Client CA: C=NL, \
O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV \
Root CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=IdenTrust, CN=IdenTrust \
Commercial Root CA 1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O=IdenTrust, \
CN=IdenTrust Public Sector Root CA 1 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, \
Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2 \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, O="Entrust, Inc.", OU=See \
www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", \
CN=Entrust Root Certification Authority - EC1 2022.07.26 14:37:21 LOG6[service]: \
Client CA: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=TR, L=Ankara, O=TÜRKTRUST Bilgi \
İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., CN=TÜRKTRUST Elektronik \
Sertifika Hizmet Sağlayıcısı H5 2022.07.26 14:37:21 LOG6[service]: Client CA: \
C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE \
WISeKey Global Root GB CA 2022.07.26 14:37:21 LOG6[service]: Client CA: C=CN, \
O=WoSign CA Limited, CN=Certification Authority of WoSign G2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=CN, O=WoSign CA Limited, CN=CA WoSign ECC Root 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR \
ROOT CA2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=PL, O=Unizeto Technologies \
S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=GR, L=Athens, O=Hellenic Academic and Research \
Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA \
2015 2022.07.26 14:37:21 LOG6[service]: Client CA: C=GR, L=Athens, O=Hellenic \
Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research \
2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=Certplus, CN=Certplus Root CA \
G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=OpenTrust, CN=OpenTrust Root \
CA G1 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=OpenTrust, CN=OpenTrust \
Root CA G2 2022.07.26 14:37:21 LOG6[service]: Client CA: C=FR, O=OpenTrust, \
CN=OpenTrust Root CA G3 2022.07.26 14:37:21 LOG6[service]: Client CA: C=US, \
O=Internet Security Research Group, CN=ISRG Root X1 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 1 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 2 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 3 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=US, O=Amazon, CN=Amazon Root CA 4 2022.07.26 14:37:21 \
LOG6[service]: Client CA: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2 2022.07.26 \
14:37:21 LOG6[service]: Client CA: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve \
Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, \
CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 2022.07.26 14:37:21 LOG6[service]: \
DH initialization needed for DHE-DSS-AES256-GCM-SHA384 2022.07.26 14:37:21 \
LOG6[service]: Using dynamic DH parameters 2022.07.26 14:37:21 LOG5[service]: \
Configuration successful 2022.07.26 14:37:21 LOG7[service]: Deallocating deployed \
section defaults 2022.07.26 14:37:21 LOG7[service]: Deallocating section [POP3 \
Incoming] 2022.07.26 14:37:21 LOG7[service]: Deallocating section [SMTP Outgoing]
2022.07.26 14:37:21 LOG7[service]: Binding service [POP3 Incoming]
2022.07.26 14:37:21 LOG7[service]: Listening file descriptor created (FD=840)
2022.07.26 14:37:21 LOG7[service]: Setting accept socket options (FD=840)
2022.07.26 14:37:21 LOG7[service]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2022.07.26 14:37:21 LOG6[service]: Service [POP3 Incoming] (FD=840) bound to \
0.0.0.0:110 2022.07.26 14:37:29 LOG7[service]: Found 1 ready file descriptor(s)
2022.07.26 14:37:29 LOG7[service]: FD=664 ifds=r-x ofds=---
2022.07.26 14:37:29 LOG7[service]: FD=840 ifds=r-x ofds=r--
2022.07.26 14:37:29 LOG7[service]: Service [POP3 Incoming] accepted (FD=740) from \
192.168.110.11:60596 2022.07.26 14:37:29 LOG7[service]: Creating a new thread
2022.07.26 14:37:29 LOG7[service]: New thread created
2022.07.26 14:37:29 LOG7[22]: Service [POP3 Incoming] started
2022.07.26 14:37:29 LOG7[22]: Setting local socket options (FD=740)
2022.07.26 14:37:29 LOG7[22]: Option TCP_NODELAY set on local socket
2022.07.26 14:37:29 LOG5[22]: Service [POP3 Incoming] accepted connection from \
192.168.110.11:60596 2022.07.26 14:37:29 LOG6[22]: Peer certificate not required
2022.07.26 14:37:29 LOG7[22]: TLS state (accept): before SSL initialization
2022.07.26 14:37:59 LOG7[22]: TLS alert (write): fatal: decode error
2022.07.26 14:37:59 LOG3[22]: SSL_accept: ssl/record/rec_layer_s3.c:308: \
error:0A000126:SSL routines::unexpected eof while reading 2022.07.26 14:37:59 \
LOG5[22]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket \
2022.07.26 14:37:59 LOG7[22]: Local descriptor (FD=740) closed 2022.07.26 14:37:59 \
LOG7[22]: Service [POP3 Incoming] finished (0 left)
Config:
; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2022
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
; **************************************************************************
; * Global options *
; **************************************************************************
; Debugging stuff (may be useful for troubleshooting)
debug = 7
output = stunnel.log
log = overwrite
; Enable FIPS 140-2 mode if needed for compliance
;fips = yes
; Microsoft CryptoAPI engine allows for authentication with private keys
; stored in the Windows certificate store
; Each section using this feature also needs the "engineId = capi" option
;engine = capi
; You also need to disable TLS 1.2 or later, because the CryptoAPI engine
; currently does not support PSS
;sslVersionMax = TLSv1.1
; TLSv1.1 requires security level 0 when compiled OpenSSL 3.0 and later
securityLevel = 0
; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; such as softhsm2-x64.dll or opensc-pkcs11.dll
; IMPORTANT: A 64-bit stunnel requires 64-bit PKCS#11 modules
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2-x64.dll
;engineCtrl = PIN:1234
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
; Enable support for the insecure SSLv3 protocol
;sslVersion = all
sslVersionMax=TLSv1.3
sslVersionMin=TLSv1.2
sslVersion = TLSv1.2
sslVersion = TLSv1.3
;options = NO_SSLv2
;options = NO_SSLv3
;options = NO_SSLv2
;options = NO_SSLv3
;options = NO_TLSv1
ciphers = ALL
;ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GC \
M-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SH \
A384:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-D \
SS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256
options = CIPHER_SERVER_PREFERENCE
cert = stunnel.pem
CAfile = ca-certs.pem
OCSPaia = no
verify = 0
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
; **************************************************************************
; * Include all configuration file fragments from the specified folder *
; **************************************************************************
;include = conf.d
; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************
; ***************************************** Example TLS client mode services
;[POP3 Incoming]
;client = yes
;accept = 110
;connect = outlook.office365.com:995
;verifyChain = yes
;CAfile = ca-certs.pem
;checkHost = outlook.office365.com
;OCSPaia = yes
[POP3 Incoming]
accept = 110
connect = outlook.office365.com:995
;[SMTP Outgoing]
;accept = 25
;connect = smtp.office365.com:587
;[SMTP Outgoing]
;client = yes
;accept = 25
;protocol = smtp
;connect = smtp.office365.com:587
;verifyChain = yes
;CAfile = ca-certs.pem
;checkHost = smtp.office365.com
;OCSPaia = yes
; Encrypted HTTP proxy authenticated with a client certificate
; located in the Windows certificate store
;[example-proxy]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = capi
; Encrypted HTTP proxy authenticated with a client certificate
; located in a cryptographic token
;[example-pkcs11]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = pkcs11
;cert = pkcs11:token=MyToken;object=MyCert
;key = pkcs11:token=MyToken;object=MyKey
; ***************************************** Example TLS server mode services
;[pop3s]
;accept = 995
;connect = 110
;cert = stunnel.pem
;[imaps]
;accept = 993
;connect = 143
;cert = stunnel.pem
; Either only expose this service to trusted networks, or require
; authentication when relaying emails originated from loopback.
; Otherwise the following configuration creates an open relay.
;[ssmtp]
;accept = 465
;connect = 25
;cert = stunnel.pem
; TLS front-end to a web server
;[https]
;accept = 443
;connect = 80
;cert = stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0
; Remote cmd.exe protected with PSK-authenticated TLS
; Create "secrets.txt" containing IDENTITY:KEY pairs
;[cmd]
;accept = 1337
;exec = c:\windows\system32\cmd.exe
;execArgs = cmd.exe
;PSKsecrets = secrets.txt
; vim:ft=dosini
_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-leave@stunnel.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic