Asterix_0712
#1 Posted: 1 February 2025, 20:31:15 (UTC)

Status: Newbie

Groups: Members
Registered: 01.02.2025 (UTC)
Posts: 7
Male
Russian Federation

Good day!

Stunnel_msspi
*.conf file:
https://disk.yandex.ru/i/RtmITiZJw_X-LQ

logs:
stunnel.log (23 KB), downloaded 2 times.

Quote:

2025.02.01 18:59:53 LOG6[service]: Initializing inetd mode configuration
2025.02.01 18:59:53 LOG7[service]: Running on Windows 6.2
2025.02.01 18:59:53 LOG7[service]: No limit detected for the number of clients
2025.02.01 18:59:53 LOG5[service]: stunnel 5.72 on x86-pc-msvc-1929 platform
2025.02.01 18:59:53 LOG5[service]: Compiled without OPENSSL
2025.02.01 18:59:53 LOG5[service]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:OCSP,SNI
2025.02.01 18:59:53 LOG7[service]: errno: (*_errno())
2025.02.01 18:59:53 LOG6[service]: Initializing inetd mode configuration
2025.02.01 18:59:53 LOG7[service]: Running on Windows 6.2
2025.02.01 18:59:53 LOG5[service]: Reading configuration from file C:\stunnel\stunnel.conf
2025.02.01 18:59:53 LOG5[service]: UTF-8 byte order mark detected
2025.02.01 18:59:53 LOG6[service]: Initializing service [https]
2025.02.01 18:59:53 LOG5[service]: Configuration successful
2025.02.01 18:59:53 LOG7[service]: Deallocating deployed section defaults
2025.02.01 18:59:53 LOG7[service]: Binding service [https]
2025.02.01 18:59:53 LOG7[service]: Listening file descriptor created (FD=708)
2025.02.01 18:59:53 LOG7[service]: Setting accept socket options (FD=708)
2025.02.01 18:59:53 LOG7[service]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2025.02.01 18:59:53 LOG6[service]: Service [https] (FD=708) bound to 127.0.0.1:1500
2025.02.01 18:59:53 LOG6[service]: Accepting new connections
2025.02.01 19:00:12 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:12 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:12 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:12 LOG7[service]: Service [https] accepted (FD=720) from 127.0.0.1:53959
2025.02.01 19:00:12 LOG7[service]: Creating a new thread
2025.02.01 19:00:12 LOG7[service]: New thread created
2025.02.01 19:00:12 LOG7[0]: Service [https] started
2025.02.01 19:00:12 LOG7[0]: Setting local socket options (FD=720)
2025.02.01 19:00:12 LOG7[0]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:12 LOG5[0]: Service [https] accepted connection from 127.0.0.1:53959
2025.02.01 19:00:12 LOG6[0]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:12 LOG7[0]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:12 LOG7[0]: FD=736 ifds=rwx ofds=---
2025.02.01 19:00:12 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:12 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:12 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:12 LOG7[service]: Service [https] accepted (FD=752) from 127.0.0.1:53961
2025.02.01 19:00:12 LOG7[service]: Creating a new thread
2025.02.01 19:00:12 LOG7[service]: New thread created
2025.02.01 19:00:12 LOG7[1]: Service [https] started
2025.02.01 19:00:12 LOG7[1]: Setting local socket options (FD=752)
2025.02.01 19:00:12 LOG7[1]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:12 LOG5[1]: Service [https] accepted connection from 127.0.0.1:53961
2025.02.01 19:00:12 LOG6[1]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:12 LOG7[1]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:12 LOG7[1]: FD=768 ifds=rwx ofds=---
2025.02.01 19:00:12 LOG5[0]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:12 LOG5[0]: Service [https] connected remote server from 192.168.1.248:53960
2025.02.01 19:00:12 LOG7[0]: Setting remote socket options (FD=736)
2025.02.01 19:00:12 LOG7[0]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:12 LOG7[0]: Remote descriptor (FD=736) initialized
2025.02.01 19:00:12 LOG5[1]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:12 LOG5[1]: Service [https] connected remote server from 192.168.1.248:53962
2025.02.01 19:00:12 LOG7[1]: Setting remote socket options (FD=768)
2025.02.01 19:00:12 LOG7[1]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:12 LOG7[1]: Remote descriptor (FD=768) initialized
2025.02.01 19:00:12 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:12 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:12 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:12 LOG7[service]: Service [https] accepted (FD=1236) from 127.0.0.1:53963
2025.02.01 19:00:12 LOG7[service]: Creating a new thread
2025.02.01 19:00:12 LOG7[service]: New thread created
2025.02.01 19:00:12 LOG7[2]: Service [https] started
2025.02.01 19:00:12 LOG7[2]: Setting local socket options (FD=1236)
2025.02.01 19:00:12 LOG7[2]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:12 LOG5[2]: Service [https] accepted connection from 127.0.0.1:53963
2025.02.01 19:00:12 LOG6[2]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:12 LOG7[2]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:12 LOG7[2]: FD=1248 ifds=rwx ofds=---
2025.02.01 19:00:12 LOG5[2]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:12 LOG5[2]: Service [https] connected remote server from 192.168.1.248:53964
2025.02.01 19:00:12 LOG7[2]: Setting remote socket options (FD=1248)
2025.02.01 19:00:12 LOG7[2]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:12 LOG7[2]: Remote descriptor (FD=1248) initialized
2025.02.01 19:00:19 LOG6[0]: Peer certificate not required
2025.02.01 19:00:19 LOG6[2]: Peer certificate not required
2025.02.01 19:00:19 LOG6[1]: Peer certificate not required
2025.02.01 19:00:19 LOG3[2]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:19 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:19 LOG7[2]: remote_fd reset (FD=1248)
2025.02.01 19:00:19 LOG7[2]: Remote descriptor (FD=1248) closed
2025.02.01 19:00:19 LOG7[2]: local_rfd/local_wfd reset (FD=1236)
2025.02.01 19:00:19 LOG7[2]: Local descriptor (FD=1236) closed
2025.02.01 19:00:19 LOG7[2]: Service [https] finished (2 left)
2025.02.01 19:00:19 LOG3[0]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:19 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:19 LOG7[0]: remote_fd reset (FD=736)
2025.02.01 19:00:19 LOG7[0]: Remote descriptor (FD=736) closed
2025.02.01 19:00:19 LOG7[0]: local_rfd/local_wfd reset (FD=720)
2025.02.01 19:00:19 LOG7[0]: Local descriptor (FD=720) closed
2025.02.01 19:00:19 LOG7[0]: Service [https] finished (1 left)
2025.02.01 19:00:19 LOG3[1]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:19 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:19 LOG7[1]: remote_fd reset (FD=768)
2025.02.01 19:00:19 LOG7[1]: Remote descriptor (FD=768) closed
2025.02.01 19:00:19 LOG7[1]: local_rfd/local_wfd reset (FD=752)
2025.02.01 19:00:19 LOG7[1]: Local descriptor (FD=752) closed
2025.02.01 19:00:19 LOG7[1]: Service [https] finished (0 left)
2025.02.01 19:00:20 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:20 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:20 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:20 LOG7[service]: Service [https] accepted (FD=1524) from 127.0.0.1:53976
2025.02.01 19:00:20 LOG7[service]: Creating a new thread
2025.02.01 19:00:20 LOG7[service]: New thread created
2025.02.01 19:00:20 LOG7[3]: Service [https] started
2025.02.01 19:00:20 LOG7[3]: Setting local socket options (FD=1524)
2025.02.01 19:00:20 LOG7[3]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:20 LOG5[3]: Service [https] accepted connection from 127.0.0.1:53976
2025.02.01 19:00:20 LOG6[3]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:20 LOG7[3]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:20 LOG7[3]: FD=1556 ifds=rwx ofds=---
2025.02.01 19:00:20 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:20 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:20 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:20 LOG7[service]: Service [https] accepted (FD=1240) from 127.0.0.1:53978
2025.02.01 19:00:20 LOG7[service]: Creating a new thread
2025.02.01 19:00:20 LOG7[service]: New thread created
2025.02.01 19:00:20 LOG7[4]: Service [https] started
2025.02.01 19:00:20 LOG7[4]: Setting local socket options (FD=1240)
2025.02.01 19:00:20 LOG7[4]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:20 LOG5[4]: Service [https] accepted connection from 127.0.0.1:53978
2025.02.01 19:00:20 LOG6[4]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:20 LOG7[4]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:20 LOG7[4]: FD=1568 ifds=rwx ofds=---
2025.02.01 19:00:20 LOG5[3]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:20 LOG5[3]: Service [https] connected remote server from 192.168.1.248:53977
2025.02.01 19:00:20 LOG7[3]: Setting remote socket options (FD=1556)
2025.02.01 19:00:20 LOG7[3]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:20 LOG7[3]: Remote descriptor (FD=1556) initialized
2025.02.01 19:00:20 LOG6[3]: Peer certificate not required
2025.02.01 19:00:20 LOG3[3]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:20 LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:20 LOG7[3]: remote_fd reset (FD=1556)
2025.02.01 19:00:20 LOG7[3]: Remote descriptor (FD=1556) closed
2025.02.01 19:00:20 LOG7[3]: local_rfd/local_wfd reset (FD=1524)
2025.02.01 19:00:20 LOG7[3]: Local descriptor (FD=1524) closed
2025.02.01 19:00:20 LOG7[3]: Service [https] finished (1 left)
2025.02.01 19:00:20 LOG5[4]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:20 LOG5[4]: Service [https] connected remote server from 192.168.1.248:53979
2025.02.01 19:00:20 LOG7[4]: Setting remote socket options (FD=1568)
2025.02.01 19:00:20 LOG7[4]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:20 LOG7[4]: Remote descriptor (FD=1568) initialized
2025.02.01 19:00:20 LOG6[4]: Peer certificate not required
2025.02.01 19:00:20 LOG3[4]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:20 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:20 LOG7[4]: remote_fd reset (FD=1568)
2025.02.01 19:00:20 LOG7[4]: Remote descriptor (FD=1568) closed
2025.02.01 19:00:20 LOG7[4]: local_rfd/local_wfd reset (FD=1240)
2025.02.01 19:00:20 LOG7[4]: Local descriptor (FD=1240) closed
2025.02.01 19:00:20 LOG7[4]: Service [https] finished (0 left)
2025.02.01 19:00:20 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:20 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:20 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:20 LOG7[service]: Service [https] accepted (FD=1036) from 127.0.0.1:53981
2025.02.01 19:00:20 LOG7[service]: Creating a new thread
2025.02.01 19:00:20 LOG7[service]: New thread created
2025.02.01 19:00:20 LOG7[5]: Service [https] started
2025.02.01 19:00:20 LOG7[5]: Setting local socket options (FD=1036)
2025.02.01 19:00:20 LOG7[5]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:20 LOG5[5]: Service [https] accepted connection from 127.0.0.1:53981
2025.02.01 19:00:20 LOG6[5]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:20 LOG7[5]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:20 LOG7[5]: FD=1368 ifds=rwx ofds=---
2025.02.01 19:00:20 LOG5[5]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:20 LOG5[5]: Service [https] connected remote server from 192.168.1.248:53982
2025.02.01 19:00:20 LOG7[5]: Setting remote socket options (FD=1368)
2025.02.01 19:00:20 LOG7[5]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:20 LOG7[5]: Remote descriptor (FD=1368) initialized
2025.02.01 19:00:20 LOG6[5]: Peer certificate not required
2025.02.01 19:00:20 LOG3[5]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:20 LOG5[5]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:20 LOG7[5]: remote_fd reset (FD=1368)
2025.02.01 19:00:20 LOG7[5]: Remote descriptor (FD=1368) closed
2025.02.01 19:00:20 LOG7[5]: local_rfd/local_wfd reset (FD=1036)
2025.02.01 19:00:20 LOG7[5]: Local descriptor (FD=1036) closed
2025.02.01 19:00:20 LOG7[5]: Service [https] finished (0 left)
2025.02.01 19:00:26 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:26 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:26 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:26 LOG7[service]: Service [https] accepted (FD=632) from 127.0.0.1:53991
2025.02.01 19:00:26 LOG7[service]: Creating a new thread
2025.02.01 19:00:26 LOG7[service]: New thread created
2025.02.01 19:00:26 LOG7[6]: Service [https] started
2025.02.01 19:00:26 LOG7[6]: Setting local socket options (FD=632)
2025.02.01 19:00:26 LOG7[6]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:26 LOG5[6]: Service [https] accepted connection from 127.0.0.1:53991
2025.02.01 19:00:26 LOG6[6]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:26 LOG7[6]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:26 LOG7[6]: FD=1136 ifds=rwx ofds=---
2025.02.01 19:00:26 LOG5[6]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:26 LOG5[6]: Service [https] connected remote server from 192.168.1.248:53992
2025.02.01 19:00:26 LOG7[6]: Setting remote socket options (FD=1136)
2025.02.01 19:00:26 LOG7[6]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:26 LOG7[6]: Remote descriptor (FD=1136) initialized
2025.02.01 19:00:26 LOG6[6]: Peer certificate not required
2025.02.01 19:00:26 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:26 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:26 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:26 LOG7[service]: Service [https] accepted (FD=724) from 127.0.0.1:53993
2025.02.01 19:00:26 LOG7[service]: Creating a new thread
2025.02.01 19:00:26 LOG7[service]: New thread created
2025.02.01 19:00:26 LOG7[7]: Service [https] started
2025.02.01 19:00:26 LOG7[7]: Setting local socket options (FD=724)
2025.02.01 19:00:26 LOG7[7]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:26 LOG5[7]: Service [https] accepted connection from 127.0.0.1:53993
2025.02.01 19:00:26 LOG6[7]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:26 LOG7[7]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:26 LOG7[7]: FD=1504 ifds=rwx ofds=---
2025.02.01 19:00:26 LOG3[6]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:26 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:26 LOG7[6]: remote_fd reset (FD=1136)
2025.02.01 19:00:26 LOG7[6]: Remote descriptor (FD=1136) closed
2025.02.01 19:00:26 LOG7[6]: local_rfd/local_wfd reset (FD=632)
2025.02.01 19:00:26 LOG7[6]: Local descriptor (FD=632) closed
2025.02.01 19:00:26 LOG7[6]: Service [https] finished (1 left)
2025.02.01 19:00:26 LOG5[7]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:26 LOG5[7]: Service [https] connected remote server from 192.168.1.248:53994
2025.02.01 19:00:26 LOG7[7]: Setting remote socket options (FD=1504)
2025.02.01 19:00:26 LOG7[7]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:26 LOG7[7]: Remote descriptor (FD=1504) initialized
2025.02.01 19:00:26 LOG6[7]: Peer certificate not required
2025.02.01 19:00:26 LOG3[7]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:26 LOG5[7]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:26 LOG7[7]: remote_fd reset (FD=1504)
2025.02.01 19:00:26 LOG7[7]: Remote descriptor (FD=1504) closed
2025.02.01 19:00:26 LOG7[7]: local_rfd/local_wfd reset (FD=724)
2025.02.01 19:00:26 LOG7[7]: Local descriptor (FD=724) closed
2025.02.01 19:00:26 LOG7[7]: Service [https] finished (0 left)
2025.02.01 19:00:26 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:26 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:26 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:26 LOG7[service]: Service [https] accepted (FD=1528) from 127.0.0.1:53995
2025.02.01 19:00:26 LOG7[service]: Creating a new thread
2025.02.01 19:00:26 LOG7[service]: New thread created
2025.02.01 19:00:26 LOG7[8]: Service [https] started
2025.02.01 19:00:26 LOG7[8]: Setting local socket options (FD=1528)
2025.02.01 19:00:26 LOG7[8]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:26 LOG5[8]: Service [https] accepted connection from 127.0.0.1:53995
2025.02.01 19:00:26 LOG6[8]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:26 LOG7[8]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:26 LOG7[8]: FD=728 ifds=rwx ofds=---
2025.02.01 19:00:26 LOG5[8]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:26 LOG5[8]: Service [https] connected remote server from 192.168.1.248:53996
2025.02.01 19:00:26 LOG7[8]: Setting remote socket options (FD=728)
2025.02.01 19:00:26 LOG7[8]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:26 LOG7[8]: Remote descriptor (FD=728) initialized
2025.02.01 19:00:26 LOG6[8]: Peer certificate not required
2025.02.01 19:00:26 LOG3[8]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:26 LOG5[8]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:26 LOG7[8]: remote_fd reset (FD=728)
2025.02.01 19:00:26 LOG7[8]: Remote descriptor (FD=728) closed
2025.02.01 19:00:26 LOG7[8]: local_rfd/local_wfd reset (FD=1528)
2025.02.01 19:00:26 LOG7[8]: Local descriptor (FD=1528) closed
2025.02.01 19:00:26 LOG7[8]: Service [https] finished (0 left)
2025.02.01 19:00:56 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:56 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:56 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:56 LOG7[service]: Service [https] accepted (FD=848) from 127.0.0.1:54031
2025.02.01 19:00:56 LOG7[service]: Creating a new thread
2025.02.01 19:00:56 LOG7[service]: New thread created
2025.02.01 19:00:56 LOG7[9]: Service [https] started
2025.02.01 19:00:56 LOG7[9]: Setting local socket options (FD=848)
2025.02.01 19:00:56 LOG7[9]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:56 LOG5[9]: Service [https] accepted connection from 127.0.0.1:54031
2025.02.01 19:00:56 LOG6[9]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:56 LOG7[9]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:56 LOG7[9]: FD=632 ifds=rwx ofds=---
2025.02.01 19:00:56 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:56 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:56 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:56 LOG5[9]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:56 LOG7[service]: Service [https] accepted (FD=1136) from 127.0.0.1:54033
2025.02.01 19:00:56 LOG5[9]: Service [https] connected remote server from 192.168.1.248:54032
2025.02.01 19:00:56 LOG7[9]: Setting remote socket options (FD=632)
2025.02.01 19:00:56 LOG7[service]: Creating a new thread
2025.02.01 19:00:56 LOG7[service]: New thread created
2025.02.01 19:00:56 LOG7[9]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:56 LOG7[9]: Remote descriptor (FD=632) initialized
2025.02.01 19:00:56 LOG6[9]: Peer certificate not required
2025.02.01 19:00:56 LOG7[10]: Service [https] started
2025.02.01 19:00:56 LOG7[10]: Setting local socket options (FD=1136)
2025.02.01 19:00:56 LOG7[10]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:56 LOG5[10]: Service [https] accepted connection from 127.0.0.1:54033
2025.02.01 19:00:56 LOG6[10]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:56 LOG7[10]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:56 LOG7[10]: FD=1540 ifds=rwx ofds=---
2025.02.01 19:00:56 LOG5[10]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:56 LOG5[10]: Service [https] connected remote server from 192.168.1.248:54034
2025.02.01 19:00:56 LOG7[10]: Setting remote socket options (FD=1540)
2025.02.01 19:00:56 LOG7[10]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:56 LOG7[10]: Remote descriptor (FD=1540) initialized
2025.02.01 19:00:56 LOG6[10]: Peer certificate not required
2025.02.01 19:00:56 LOG3[9]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:56 LOG5[9]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:56 LOG7[9]: remote_fd reset (FD=632)
2025.02.01 19:00:56 LOG7[9]: Remote descriptor (FD=632) closed
2025.02.01 19:00:56 LOG7[9]: local_rfd/local_wfd reset (FD=848)
2025.02.01 19:00:56 LOG7[9]: Local descriptor (FD=848) closed
2025.02.01 19:00:56 LOG7[9]: Service [https] finished (1 left)
2025.02.01 19:00:56 LOG3[10]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:56 LOG5[10]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:56 LOG7[10]: remote_fd reset (FD=1540)
2025.02.01 19:00:56 LOG7[10]: Remote descriptor (FD=1540) closed
2025.02.01 19:00:56 LOG7[10]: local_rfd/local_wfd reset (FD=1136)
2025.02.01 19:00:56 LOG7[10]: Local descriptor (FD=1136) closed
2025.02.01 19:00:56 LOG7[10]: Service [https] finished (0 left)
2025.02.01 19:00:56 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.01 19:00:56 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.01 19:00:56 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.01 19:00:56 LOG7[service]: Service [https] accepted (FD=1544) from 127.0.0.1:54035
2025.02.01 19:00:56 LOG7[service]: Creating a new thread
2025.02.01 19:00:56 LOG7[service]: New thread created
2025.02.01 19:00:56 LOG7[11]: Service [https] started
2025.02.01 19:00:56 LOG7[11]: Setting local socket options (FD=1544)
2025.02.01 19:00:56 LOG7[11]: Option TCP_NODELAY set on local socket
2025.02.01 19:00:56 LOG5[11]: Service [https] accepted connection from 127.0.0.1:54035
2025.02.01 19:00:56 LOG6[11]: s_connect: connecting 195.209.130.9:443
2025.02.01 19:00:56 LOG7[11]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.01 19:00:56 LOG7[11]: FD=1520 ifds=rwx ofds=---
2025.02.01 19:00:56 LOG5[11]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:56 LOG5[11]: Service [https] connected remote server from 192.168.1.248:54036
2025.02.01 19:00:56 LOG7[11]: Setting remote socket options (FD=1520)
2025.02.01 19:00:56 LOG7[11]: Option TCP_NODELAY set on remote socket
2025.02.01 19:00:56 LOG7[11]: Remote descriptor (FD=1520) initialized
2025.02.01 19:00:56 LOG6[11]: Peer certificate not required
2025.02.01 19:00:56 LOG3[11]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:56 LOG5[11]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:56 LOG7[11]: remote_fd reset (FD=1520)
2025.02.01 19:00:56 LOG7[11]: Remote descriptor (FD=1520) closed
2025.02.01 19:00:56 LOG7[11]: local_rfd/local_wfd reset (FD=1544)
2025.02.01 19:00:56 LOG7[11]: Local descriptor (FD=1544) closed
2025.02.01 19:00:56 LOG7[11]: Service [https] finished (0 left)

Edited by user 1 February 2025, 20:34:56 (UTC) | Reason: pasted the logs from the file

pd
#2 Posted: 2 February 2025, 15:08:13 (UTC)

Status: Staff

Groups: Administrators
Registered: 16.09.2010 (UTC)
Posts: 1,531
From: CRYPTO-PRO

Said "Thanks": 36 times
Was thanked: 494 times in 350 posts
Quoting Asterix_0712:
2025.02.01 19:00:19 LOG3[2]: SSL_connect: Unknown error (-2146893018)

The error means SEC_E_ILLEGAL_MESSAGE, which indicates that no data recognizable as TLS was received: that is, corrupted data, or a different protocol, or an intermediary in the path, or something else.

A convenient way to check the connection is the standard test in CryptoPro CSP, run in the same environment:

Code:
csptest -tlsc -server 195.209.130.9 -port 443 -v


If the answer is not obvious from the test results, send a traffic dump.

Knowledge is in the knowledge base, support is in technical support
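The decoding described in the reply above, as an added example that is not part of the original post and is not stunnel or CryptoPro code: stunnel prints the Windows status as a signed 32-bit decimal, so the script converts it to the unsigned hexadecimal form, names it, and groups the log by connection thread. The sample lines are abridged from the log quoted in this thread; the function and field names are assumptions made for the illustration.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Only the two status codes named in this thread; extend as needed.
KNOWN_CODES = {
    0x80090326: "SEC_E_ILLEGAL_MESSAGE",
    0x800B010F: "CERT_E_CN_NO_MATCH",
}

TS_FORMAT = "%Y.%m.%d %H:%M:%S"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<tid>[^\]]+)\]: (?P<msg>.*)$"
)
CONNECTED_RE = re.compile(r"s_connect: connected (\S+)")
ERROR_RE = re.compile(r"SSL_connect: Unknown error \((-?\d+)\)")
RESET_RE = re.compile(
    r"Connection reset: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket"
)

# Abridged from the stunnel.log quoted in this thread (connection threads 0 and 2).
SAMPLE_LOG = """\
2025.02.01 19:00:12 LOG5[0]: Service [https] accepted connection from 127.0.0.1:53959
2025.02.01 19:00:12 LOG5[0]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:12 LOG5[2]: Service [https] accepted connection from 127.0.0.1:53963
2025.02.01 19:00:12 LOG5[2]: s_connect: connected 195.209.130.9:443
2025.02.01 19:00:19 LOG6[0]: Peer certificate not required
2025.02.01 19:00:19 LOG6[2]: Peer certificate not required
2025.02.01 19:00:19 LOG3[2]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:19 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.01 19:00:19 LOG3[0]: SSL_connect: Unknown error (-2146893018)
2025.02.01 19:00:19 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""


def describe(signed_value):
    """Return (hex string, symbolic name) for a signed 32-bit status from the log."""
    code = signed_value & 0xFFFFFFFF  # reinterpret as unsigned 32-bit
    return "0x%08X" % code, KNOWN_CODES.get(code, "unknown")


def summarize(log_text):
    """Group log lines by connection thread id and extract the handshake outcome."""
    conns = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None or not m.group("tid").isdigit():
            continue  # skip blank lines and the [service] accept loop
        conn = conns.setdefault(m.group("tid"), {
            "remote": None, "connected_at": None, "hresult": None,
            "name": None, "seconds_to_failure": None, "relayed_bytes": None,
        })
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        msg = m.group("msg")

        hit = CONNECTED_RE.search(msg)
        if hit:
            conn["remote"], conn["connected_at"] = hit.group(1), ts
            continue
        hit = ERROR_RE.search(msg)
        if hit:
            conn["hresult"], conn["name"] = describe(int(hit.group(1)))
            if conn["connected_at"] is not None:
                delta = ts - conn["connected_at"]
                conn["seconds_to_failure"] = int(delta.total_seconds())
            continue
        hit = RESET_RE.search(msg)
        if hit:
            conn["relayed_bytes"] = int(hit.group(1)) + int(hit.group(2))
    return conns


def failed_in_handshake(conn):
    """True when the TLS error occurred before any application data was relayed."""
    return conn["hresult"] is not None and conn["relayed_bytes"] == 0


if __name__ == "__main__":
    for tid, conn in summarize(SAMPLE_LOG).items():
        print("thread %s -> %s: %s %s after %ss, handshake failure: %s" % (
            tid, conn["remote"], conn["hresult"], conn["name"],
            conn["seconds_to_failure"], failed_in_handshake(conn)))
```

Every connection in the quoted log shows the same pattern: the TCP connect succeeds, then the handshake fails with zero bytes relayed in either direction.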
Asterix_0712
#3 Posted: 3 February 2025, 11:22:42 (UTC)


I ran
Quoting pd:
csptest -tlsc -server 195.209.130.9 -port 443 -v


The output of this command is below:

Quote:
C:\Program Files\Crypto Pro\CSP>csptest -tlsc -server 195.209.130.9 -port 443 -v
15 algorithms supported:
Algid Class OID
[00] 0x660e 0x6000
[01] 0x6610 0x6000
[02] 0x6801 0x6000 1.2.840.113549.3.4 (rc4)
[03] 0x6603 0x6000 1.2.840.113549.3.7 (3des)
[04] 0x6601 0x6000 1.3.14.3.2.7 (des)
[05] 0x8003 0x8000 1.2.840.113549.2.5 (md5)
[06] 0x8004 0x8000 1.3.14.3.2.26 (sha1)
[07] 0x800c 0x8000
[08] 0x800d 0x8000
[09] 0x800e 0x8000
[10] 0x2400 0x2000 1.2.840.113549.1.1.1 (RSA)
[11] 0xaa02 0xa000 1.2.840.113549.1.9.16.3.5 (ESDH)
[12] 0xae06 0xa000
[13] 0x2200 0x2000 1.2.840.10040.4.1 (DSA)
[14] 0x2203 0x2000
Cipher strengths: 128..256
Supported protocols: 0xa0a80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
Datagram Transport Layer Security client side
Datagram Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 158
SessionId: (empty)
Cipher Suites: (c0 2c) (c0 2b) (c0 30) (c0 2f) (00 9f) (00 9e) (c0 24) (c0 23) (c0 28) (c0 27) (c0 0a) (c0 09) (c0 14) (c0 13) (00 9d) (00 9c) (00 3d) (00 3c) (00 35) (00 2f) (00 0a) (c1 00) (c1 01) (c1 02) (ff 85) (00 81)
163 bytes of handshake data sent
1460 bytes of handshake data received
Handshake extra buffer: 1370 bytes
2920 bytes of handshake data received
Handshake extra buffer: 2894 bytes
1127 bytes of handshake data received
Server requested new credentials!

Trying to create new credential
Issuer 0: ОГРН=1127746036494, ИНН=007722766598, C=RU, S=77 г. Москва, L=Москва, STREET="ул. Авиамоторная, д. 8А, стр. 5", O=ЗАО <Национальный удостоверяющий центр>, CN=ЗАО <Национальный удостоверяющий центр>
Issuer 1: E=dit@minsvyaz.ru, C=RU, S=77 Москва, L=г. Москва, STREET="улица Тверская, дом 7", O=Минкомсвязь России, ОГРН=1047702026701, ИНН=007710474375, CN=Минкомсвязь России
Issuer 2: CN="АО ""Аналитический Центр""", O="Акционерное общество ""Аналитический Центр""", OU=Удостоверяющий центр, C=RU, S=77 г. Москва, L=г. Москва, E=ca@iecp.ru, STREET="ул. Радио, дом 24, корпус 1, помещение V, комната 23", ИНН=005260270696, ОГРН=1105260001175
Issuer 3: ИНН ЮЛ=7707083893, E=casbrf@sberbank.ru, ОГРН=1027700132195, C=RU, S=77 Москва, L=г. Москва, STREET="ул. Вавилова, д. 19", OU=Удостоверяющий центр, O=ПАО Сбербанк, CN=ПАО Сбербанк
Issuer 4: C=RU, CN=TLS-CA
Issuer 5: ОГРН=1167847225281, ИНН=007813252159, CN=Центр сертификации
Issuer 6: ИНН ЮЛ=7717107991, ОГРН=1037700085444, C=RU, S=Moscow, L=Moscow, O="LLC ""Crypto-Pro""", CN=CryptoPro TLS CA
Issuer 7: ОГРН=1037700085444, ИНН=007717107991, C=RU, S=Moscow, L=Moscow, O="LLC ""Crypto-Pro""", CN=CryptoPro GOST Root CA
Issuer 8: ИНН ЮЛ=7706729736, E=ca@rosatom.ru, ОГРН=1097746819720, C=RU, S=77 Москва, L=г. Москва, STREET=ул. Большая Ордынка д. 24, OU=Отдел криптографической защиты, O="Акционерное общество ""Гринатом""", CN="Акционерное общество ""Гринатом"""
Issuer 9: E=dit@digital.gov.ru, C=RU, S=77 Москва, L=г. Москва, STREET="Пресненская набережная, дом 10, строение 2", O=Минцифры России, ОГРН=1047702026701, ИНН ЮЛ=7710474375, CN=Минцифры России
Issuer 10: C=RU, S=77 г. Москва, L=г. Москва, STREET="ул. Неглинная, д. 12", O=Банк России, CN=Центральный банк Российской Федерации, ОГРН=1037700013020, ИНН ЮЛ=7702235133
Issuer 11: E=ca@sertum.ru, ОГРН=1116673008539, ИНН ЮЛ=6673240328, C=RU, S=66 Свердловская область, L=Екатеринбург, STREET="ул. Малопрудная, стр. 5, офис 715", O="ООО ""Сертум-Про""", CN="ООО ""Сертум-Про"""
Issuer 12: ИНН ЮЛ=7707329152, E=uc@tax.gov.ru, ОГРН=1047707030513, C=RU, S=77 Москва, L=г. Москва, STREET="ул. Неглинная, д. 23", O=Федеральная налоговая служба, CN=Федеральная налоговая служба
Issuer 13: ИНН ЮЛ=6663003127, E=ca@skbkontur.ru, ОГРН=1026605606620, C=RU, S=66 Свердловская область, L=Екатеринбург, STREET="улица Народной воли, строение 19А", OU=Удостоверяющий центр, O="АО ""ПФ ""СКБ Контур""", CN="АО ""ПФ ""СКБ Контур"""
Issuers: 14, Length: 3965 bytes

Client certificate:
Subject: ***
Valid : 15.11.2024 11:57:38 - 15.02.2026 12:07:38 (UTC)
Issuer : ***
PrivKey: 15.11.2024 11:57:38 - 15.02.2026 11:57:38 (UTC)

new schannel credential created
20 algorithms supported:
Algid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2.1 (ГОСТ Р 34.12-2015 Кузнечик CTR-ACPKM)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1.1 (ГОСТ Р 34.12-2015 Магма CTR-ACPKM)
[03] 0x801e 0x8000 1.2.643.2.2.9 (ГОСТ Р 34.11-94)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012 256 бит)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012 512 бит)
[11] 0x660e 0x6000
[12] 0x6610 0x6000
[13] 0x6603 0x6000 1.2.840.113549.3.7 (3des)
[14] 0x8004 0x8000 1.3.14.3.2.26 (sha1)
[15] 0x800c 0x8000
[16] 0x800d 0x8000
[17] 0x800e 0x8000
[18] 0x2400 0x2000 1.2.840.113549.1.1.1 (RSA)
[19] 0xae06 0xa000
Cipher strengths: 128..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
4862 bytes of handshake data sent
63 bytes of handshake data received
Handshake was successful
SECPKG_ATTR_SESSION_INFO: Reuse: 0, SessionId: 7c7a8ed25b1ba558d9fb536fb00dec4886796e7d3b2c70ed086c12e84c0b6ab8

SECPKG_ATTR_CIPHER_INFO: Version: 1
SECPKG_ATTR_CIPHER_INFO: Protocol: 303
SECPKG_ATTR_CIPHER_INFO: CipherSuite: c100, TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC
SECPKG_ATTR_CIPHER_INFO: BaseCipherSuite: c100
SECPKG_ATTR_CIPHER_INFO: Cipher: GR 34.12-15 K, Len: 256, BlockLen: 1
SECPKG_ATTR_CIPHER_INFO: Hash: GR 34.11-2012 256, Len: 256
SECPKG_ATTR_CIPHER_INFO: Exchange: GOST DH 34.10-2012 256, MinLen: 512, MaxLen: 512
SECPKG_ATTR_CIPHER_INFO: Certificate: GR 34.10-2012 256, KeyType: 23

SECPKG_ATTR_CONNECTION_INFO: Protocol: 0x800 (TLS 1.2)
SECPKG_ATTR_CONNECTION_INFO: Cipher: 0x6631 (GOST R 34.12-2015 Kuznyechik)
SECPKG_ATTR_CONNECTION_INFO: Cipher strength: 256
SECPKG_ATTR_CONNECTION_INFO: Hash: 0x8021 (GOST R 34.11-2012 (256))
SECPKG_ATTR_CONNECTION_INFO: Hash strength: 256
SECPKG_ATTR_CONNECTION_INFO: Exch: 0xaa47 (GOST R 34.10-2012 (256) Ephemeral)
SECPKG_ATTR_CONNECTION_INFO: Key exchange strength: 512

SECPKG_ATTR_KEY_INFO: KeySize: 256
SECPKG_ATTR_KEY_INFO: SignatureAlgorithm: 0x2e49, Name: GOST R 34.11 2012 256
SECPKG_ATTR_KEY_INFO: EncryptAlgorithm: 0x6631, Name: GR 34.12-2015 Kuznyechik

SECPKG_ATTR_SUPPORTED_SIGNATURES: Supported signatures: (ee ee) (08 40) (ef ef) (08 41) (ed ed)

SECPKG_ATTR_NAMES: E=mtg_oib@goznak.ru, O="АО ""Гознак""", L=Санкт-Петербург, S=78 г. Санкт-Петербург, C=RU, CN="АО ""Гознак"""

SECPKG_ATTR_PACKAGE_INFO: fCapabilities: 0x4107B3
SECPKG_ATTR_PACKAGE_INFO: wVersion: 1
SECPKG_ATTR_PACKAGE_INFO: wRPCID: 65535
SECPKG_ATTR_PACKAGE_INFO: cbMaxToken: 16379
SECPKG_ATTR_PACKAGE_INFO: Name: CryptoPro SSP
SECPKG_ATTR_PACKAGE_INFO: Comment: CryptoPro Security Package

Server certificate:
Subject: E=mtg_oib@goznak.ru, O="АО ""Гознак""", L=Санкт-Петербург, S=78 г. Санкт-Петербург, C=RU, CN="АО ""Гознак"""
Valid : 22.11.2024 11:30:54 - 22.11.2025 11:40:54 (UTC)
Issuer : ИНН ЮЛ=7717107991, ОГРН=1037700085444, C=RU, S=Moscow, L=Moscow, O="LLC ""Crypto-Pro""", CN=CryptoPro TLS CA
Error 0x800b010f (CERT_E_CN_NO_MATCH) returned by CertVerifyCertificateChainPolicy!
E:\branches\CSP_5_0r3t\branches\CSP_5_0r3t_0\CSP\samples\csptest\WebClient.c:1194:Error authenticating server credentials!
Error 0x800b010f: CN-имя сертификата не совпадает с полученным значением.
Total: SYS: 0,469 sec USR: 0,047 sec UTC: 5,916 sec
[ErrorCode: 0x800b010f]


pd
#4 Posted: 3 February 2025, 13:06:46 (UTC)

Status: Staff
Groups: Administrators
Registered: 16.09.2010 (UTC)
Posts: 1,531
From: КРИПТО-ПРО
Said "Thanks": 36 times
Was thanked: 494 times in 350 posts

Quoting Asterix_0712:
2025.02.01 19:00:19 LOG3[2]: SSL_connect: Unknown error (-2146893018)

I checked the log; the absence of msspi error entries indicates that everything worked as expected.

Most likely it is the server itself that drops the connection.

Does it work without stunnel? Can you get in directly through a browser with this certificate?
Knowledge is in the knowledge base, support is in technical support
Asterix_0712
#5 Posted: 3 February 2025, 14:32:43 (UTC)

Quoting pd:
Can you get in directly through a browser with this certificate?

Yes, the browser version works without problems.
pd
#6 Posted: 3 February 2025, 15:11:39 (UTC)

If it works in the browser, let's continue with csptest.

Quoting Asterix_0712:
ran it
Quoting pd:
csptest -tlsc -server 195.209.130.9 -port 443 -v

In your case, the full command equivalent to the stunnel setup must include your certificate, -user "0120040...", and, for verify=0, -nocheck. Altogether:

Code:
csptest -tlsc -server 195.209.130.9 -port 443 -v -nocheck -user "0120040..."
Asterix_0712
#7 Posted: 3 February 2025, 15:40:34 (UTC)

Quoting pd:
csptest -tlsc -server 195.209.130.9 -port 443 -v -nocheck -user "0120040...

Code:
C:\Program Files\Crypto Pro\CSP>csptest -tlsc -server 195.209.130.9 -port 443 -v -nocheck -user "***"
#0:
Subject: ***
Valid  : 15.11.2024 11:57:38 - 15.02.2026 12:07:38 (UTC)
Issuer : ***
PrivKey: 15.11.2024 11:57:38 - 15.02.2026 11:57:38 (UTC)


Client certificate:
Subject: ***
Valid  : 15.11.2024 11:57:38 - 15.02.2026 12:07:38 (UTC)
Issuer : ***
PrivKey: 15.11.2024 11:57:38 - 15.02.2026 11:57:38 (UTC)

20 algorithms supported:
     Algid  Class  OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2.1 (ГОСТ Р 34.12-2015 Кузнечик CTR-ACPKM)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1.1 (ГОСТ Р 34.12-2015 Магма CTR-ACPKM)
[03] 0x801e 0x8000 1.2.643.2.2.9 (ГОСТ Р 34.11-94)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012 256 бит)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012 512 бит)
[11] 0x660e 0x6000
[12] 0x6610 0x6000
[13] 0x6603 0x6000 1.2.840.113549.3.7 (3des)
[14] 0x8004 0x8000 1.3.14.3.2.26 (sha1)
[15] 0x800c 0x8000
[16] 0x800d 0x8000
[17] 0x800e 0x8000
[18] 0x2400 0x2000 1.2.840.113549.1.1.1 (RSA)
[19] 0xae06 0xa000
Cipher strengths: 128..256
Supported protocols: 0xa80:
    Transport Layer Security 1.0 client side
    Transport Layer Security 1.1 client side
    Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 106
SessionId: (empty)
Cipher Suites: (c1 00) (c1 01) (c1 02) (ff 85) (00 81)
111 bytes of handshake data sent
1460 bytes of handshake data received
Handshake extra buffer: 1366 bytes
2920 bytes of handshake data received
Handshake extra buffer: 2890 bytes
1131 bytes of handshake data received
4862 bytes of handshake data sent
63 bytes of handshake data received
Handshake was successful
SECPKG_ATTR_SESSION_INFO: Reuse: 0, SessionId: ***

SECPKG_ATTR_CIPHER_INFO: Version: 1
SECPKG_ATTR_CIPHER_INFO: Protocol: 303
SECPKG_ATTR_CIPHER_INFO: CipherSuite: c100, TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC
SECPKG_ATTR_CIPHER_INFO: BaseCipherSuite: c100
SECPKG_ATTR_CIPHER_INFO: Cipher: GR 34.12-15 K, Len: 256, BlockLen: 1
SECPKG_ATTR_CIPHER_INFO: Hash: GR 34.11-2012 256, Len: 256
SECPKG_ATTR_CIPHER_INFO: Exchange: GOST DH 34.10-2012 256, MinLen: 512, MaxLen: 512
SECPKG_ATTR_CIPHER_INFO: Certificate: GR 34.10-2012 256, KeyType: 23

SECPKG_ATTR_CONNECTION_INFO: Protocol: 0x800 (TLS 1.2)
SECPKG_ATTR_CONNECTION_INFO: Cipher: 0x6631 (GOST R 34.12-2015 Kuznyechik)
SECPKG_ATTR_CONNECTION_INFO: Cipher strength: 256
SECPKG_ATTR_CONNECTION_INFO: Hash: 0x8021 (GOST R 34.11-2012 (256))
SECPKG_ATTR_CONNECTION_INFO: Hash strength: 256
SECPKG_ATTR_CONNECTION_INFO: Exch: 0xaa47 (GOST R 34.10-2012 (256) Ephemeral)
SECPKG_ATTR_CONNECTION_INFO: Key exchange strength: 512

SECPKG_ATTR_KEY_INFO: KeySize: 256
SECPKG_ATTR_KEY_INFO: SignatureAlgorithm: 0x2e49, Name: GOST R 34.11 2012 256
SECPKG_ATTR_KEY_INFO: EncryptAlgorithm: 0x6631, Name: GR 34.12-2015 Kuznyechik

SECPKG_ATTR_SUPPORTED_SIGNATURES: Supported signatures: (ee ee) (08 40) (ef ef) (08 41) (ed ed)

SECPKG_ATTR_NAMES: E=mtg_oib@goznak.ru, O="АО ""Гознак""", L=Санкт-Петербург, S=78 г. Санкт-Петербург, C=RU, CN="АО ""Гознак"""

SECPKG_ATTR_PACKAGE_INFO: fCapabilities: 0x4107B3
SECPKG_ATTR_PACKAGE_INFO: wVersion: 1
SECPKG_ATTR_PACKAGE_INFO: wRPCID: 65535
SECPKG_ATTR_PACKAGE_INFO: cbMaxToken: 16379
SECPKG_ATTR_PACKAGE_INFO: Name: CryptoPro SSP
SECPKG_ATTR_PACKAGE_INFO: Comment: CryptoPro Security Package

Server certificate:
Subject: E=mtg_oib@goznak.ru, O="АО ""Гознак""", L=Санкт-Петербург, S=78 г. Санкт-Петербург, C=RU, CN="АО ""Гознак"""
Valid  : 22.11.2024 11:30:54 - 22.11.2025 11:40:54 (UTC)
Issuer : ИНН ЮЛ=7717107991, ОГРН=1037700085444, C=RU, S=Moscow, L=Moscow, O="LLC ""Crypto-Pro""", CN=CryptoPro TLS CA

SECPKG_ATTR_STREAM_SIZES: Header: 5, Trailer: 16, MaxMessage: 16384
SECPKG_ATTR_STREAM_SIZES: Buffers: 4, BlockSize: 1

SECPKG_ATTR_SIZES: MaxToken: 16384
SECPKG_ATTR_SIZES: MaxSignature: 16
SECPKG_ATTR_SIZES: BlockSize: 1
SECPKG_ATTR_SIZES: SecurityTrailer: 21

HTTP request: GET / HTTP/1.1
User-Agent: Webclient
Accept:*/*
Host: 195.209.130.9
Connection: close


Sending plaintext: 93 bytes
135 bytes of application data sent
1460 bytes of (encrypted) application data received
6915 bytes of (encrypted) application data received
4765 bytes of (encrypted) application data received
3286 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
4359 bytes of (encrypted) application data received
5840 bytes of (encrypted) application data received
6206 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
11696 bytes of (encrypted) application data received
Decrypted data: 16 bytes
Extra data: 11680 bytes
2920 bytes of (encrypted) application data received
1826 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
16405 bytes of (encrypted) application data received
Decrypted data: 16384 bytes
Extra data: 21 bytes
11199 bytes of (encrypted) application data received
Decrypted data: 11176 bytes
Extra data: 23 bytes
Context expired: OK if file is completely downloaded
Reply status: HTTP/1.1 200 OK
Sending Close Notify
23 bytes of handshake data sent
1 connections, 207800 bytes in 3.024 seconds;
Total: SYS: 0,172 sec USR: 0,063 sec UTC: 5,578 sec
[ErrorCode: 0x00000000]


It looks like there are no errors; at the same time:

Code:
2025.02.03 14:28:15 LOG6[service]: Initializing inetd mode configuration
2025.02.03 14:28:15 LOG7[service]: Running on Windows 6.2
2025.02.03 14:28:15 LOG7[service]: No limit detected for the number of clients
2025.02.03 14:28:15 LOG5[service]: stunnel 5.72 on x86-pc-msvc-1929 platform
2025.02.03 14:28:15 LOG5[service]: Compiled without OPENSSL
2025.02.03 14:28:15 LOG5[service]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:OCSP,SNI
2025.02.03 14:28:15 LOG7[service]: errno: (*_errno())
2025.02.03 14:28:15 LOG6[service]: Initializing inetd mode configuration
2025.02.03 14:28:15 LOG7[service]: Running on Windows 6.2
2025.02.03 14:28:15 LOG5[service]: Reading configuration from file C:\stunnel\stunnel.conf
2025.02.03 14:28:15 LOG5[service]: UTF-8 byte order mark detected
2025.02.03 14:28:15 LOG6[service]: Initializing service [https]
2025.02.03 14:28:15 LOG5[service]: Configuration successful
2025.02.03 14:28:15 LOG7[service]: Deallocating deployed section defaults
2025.02.03 14:28:15 LOG7[service]: Binding service [https]
2025.02.03 14:28:15 LOG7[service]: Listening file descriptor created (FD=708)
2025.02.03 14:28:15 LOG7[service]: Setting accept socket options (FD=708)
2025.02.03 14:28:15 LOG7[service]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2025.02.03 14:28:15 LOG6[service]: Service [https] (FD=708) bound to 127.0.0.1:1500
2025.02.03 14:28:15 LOG6[service]: Accepting new connections
2025.02.03 14:28:22 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.03 14:28:22 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.03 14:28:22 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.03 14:28:22 LOG7[service]: Service [https] accepted (FD=720) from 127.0.0.1:49484
2025.02.03 14:28:22 LOG7[service]: Creating a new thread
2025.02.03 14:28:22 LOG7[service]: New thread created
2025.02.03 14:28:22 LOG7[0]: Service [https] started
2025.02.03 14:28:22 LOG7[0]: Setting local socket options (FD=720)
2025.02.03 14:28:22 LOG7[0]: Option TCP_NODELAY set on local socket
2025.02.03 14:28:22 LOG5[0]: Service [https] accepted connection from 127.0.0.1:49484
2025.02.03 14:28:22 LOG6[0]: s_connect: connecting 195.209.130.9:443
2025.02.03 14:28:22 LOG7[0]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.03 14:28:22 LOG7[0]: FD=736 ifds=rwx ofds=---
2025.02.03 14:28:22 LOG5[0]: s_connect: connected 195.209.130.9:443
2025.02.03 14:28:22 LOG5[0]: Service [https] connected remote server from 192.168.1.248:49485
2025.02.03 14:28:22 LOG7[0]: Setting remote socket options (FD=736)
2025.02.03 14:28:22 LOG7[0]: Option TCP_NODELAY set on remote socket
2025.02.03 14:28:22 LOG7[0]: Remote descriptor (FD=736) initialized
2025.02.03 14:28:22 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.03 14:28:22 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.03 14:28:22 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.03 14:28:22 LOG7[service]: Service [https] accepted (FD=752) from 127.0.0.1:49487
2025.02.03 14:28:22 LOG7[service]: Creating a new thread
2025.02.03 14:28:22 LOG7[service]: New thread created
2025.02.03 14:28:22 LOG7[1]: Service [https] started
2025.02.03 14:28:22 LOG7[1]: Setting local socket options (FD=752)
2025.02.03 14:28:22 LOG7[1]: Option TCP_NODELAY set on local socket
2025.02.03 14:28:22 LOG5[1]: Service [https] accepted connection from 127.0.0.1:49487
2025.02.03 14:28:22 LOG6[1]: s_connect: connecting 195.209.130.9:443
2025.02.03 14:28:22 LOG7[1]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.03 14:28:22 LOG7[1]: FD=832 ifds=rwx ofds=---
2025.02.03 14:28:22 LOG5[1]: s_connect: connected 195.209.130.9:443
2025.02.03 14:28:22 LOG5[1]: Service [https] connected remote server from 192.168.1.248:49488
2025.02.03 14:28:22 LOG7[1]: Setting remote socket options (FD=832)
2025.02.03 14:28:22 LOG7[1]: Option TCP_NODELAY set on remote socket
2025.02.03 14:28:22 LOG7[1]: Remote descriptor (FD=832) initialized
2025.02.03 14:28:22 LOG7[service]: Found 1 ready file descriptor(s)
2025.02.03 14:28:22 LOG7[service]: FD=696 ifds=r-x ofds=---
2025.02.03 14:28:22 LOG7[service]: FD=708 ifds=r-x ofds=r--
2025.02.03 14:28:22 LOG7[service]: Service [https] accepted (FD=1228) from 127.0.0.1:49489
2025.02.03 14:28:22 LOG7[service]: Creating a new thread
2025.02.03 14:28:22 LOG7[service]: New thread created
2025.02.03 14:28:22 LOG7[2]: Service [https] started
2025.02.03 14:28:22 LOG7[2]: Setting local socket options (FD=1228)
2025.02.03 14:28:22 LOG7[2]: Option TCP_NODELAY set on local socket
2025.02.03 14:28:22 LOG5[2]: Service [https] accepted connection from 127.0.0.1:49489
2025.02.03 14:28:22 LOG6[2]: s_connect: connecting 195.209.130.9:443
2025.02.03 14:28:22 LOG7[2]: s_connect: s_poll_wait 195.209.130.9:443: waiting 10 seconds
2025.02.03 14:28:22 LOG7[2]: FD=1240 ifds=rwx ofds=---
2025.02.03 14:28:22 LOG5[2]: s_connect: connected 195.209.130.9:443
2025.02.03 14:28:22 LOG5[2]: Service [https] connected remote server from 192.168.1.248:49490
2025.02.03 14:28:22 LOG7[2]: Setting remote socket options (FD=1240)
2025.02.03 14:28:22 LOG7[2]: Option TCP_NODELAY set on remote socket
2025.02.03 14:28:22 LOG7[2]: Remote descriptor (FD=1240) initialized
2025.02.03 14:28:29 LOG6[0]: Peer certificate not required
2025.02.03 14:28:29 LOG6[2]: Peer certificate not required
2025.02.03 14:28:29 LOG6[1]: Peer certificate not required
2025.02.03 14:28:29 LOG3[0]: SSL_connect: Unknown error (-2146893018)
2025.02.03 14:28:29 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.03 14:28:29 LOG7[0]: remote_fd reset (FD=736)
2025.02.03 14:28:29 LOG7[0]: Remote descriptor (FD=736) closed
2025.02.03 14:28:29 LOG7[0]: local_rfd/local_wfd reset (FD=720)
2025.02.03 14:28:29 LOG7[0]: Local descriptor (FD=720) closed
2025.02.03 14:28:29 LOG7[0]: Service [https] finished (2 left)
2025.02.03 14:28:29 LOG3[1]: SSL_connect: Unknown error (-2146893018)
2025.02.03 14:28:29 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.03 14:28:29 LOG7[1]: remote_fd reset (FD=832)
2025.02.03 14:28:29 LOG7[1]: Remote descriptor (FD=832) closed
2025.02.03 14:28:29 LOG7[1]: local_rfd/local_wfd reset (FD=752)
2025.02.03 14:28:29 LOG7[1]: Local descriptor (FD=752) closed
2025.02.03 14:28:29 LOG7[1]: Service [https] finished (1 left)
2025.02.03 14:28:29 LOG3[2]: SSL_connect: Unknown error (-2146893018)
2025.02.03 14:28:29 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.02.03 14:28:29 LOG7[2]: remote_fd reset (FD=1240)
2025.02.03 14:28:29 LOG7[2]: Remote descriptor (FD=1240) closed
2025.02.03 14:28:29 LOG7[2]: local_rfd/local_wfd reset (FD=1228)
2025.02.03 14:28:29 LOG7[2]: Local descriptor (FD=1228) closed
2025.02.03 14:28:29 LOG7[2]: Service [https] finished (0 left)
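
An added example, not part of the original post and not stunnel or CryptoPro code: a Python triage of stunnel log lines like the ones above. It reinterprets the signed decimal in "SSL_connect: Unknown error (...)" as the unsigned Windows status code and measures how long each handshake ran before failing. The name SEC_E_ILLEGAL_MESSAGE for 0x80090326 comes from the Windows SDK headers, not from this thread, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Sample input: four lines taken from the stunnel log posted above.
SAMPLE_LOG = """\
2025.02.03 14:28:22 LOG5[0]: s_connect: connected 195.209.130.9:443
2025.02.03 14:28:22 LOG5[1]: s_connect: connected 195.209.130.9:443
2025.02.03 14:28:29 LOG3[0]: SSL_connect: Unknown error (-2146893018)
2025.02.03 14:28:29 LOG3[1]: SSL_connect: Unknown error (-2146893018)
"""

# Windows status codes; the second one appears in the csptest output in this thread.
HRESULT_NAMES = {
    0x80090326: "SEC_E_ILLEGAL_MESSAGE",
    0x800B010F: "CERT_E_CN_NO_MATCH",
}

LINE_RE = re.compile(r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
                     r"LOG(?P<level>\d)\[(?P<thread>[^\]]+)\]: (?P<msg>.*)$")
CONNECTED_RE = re.compile(r"^s_connect: connected (?P<peer>\S+)$")
FAIL_RE = re.compile(r"^SSL_connect: .*\((?P<code>-?\d+)\)$")


def to_hresult(signed_code: int) -> int:
    """Reinterpret a signed 32-bit decimal as the unsigned HRESULT value."""
    return signed_code & 0xFFFFFFFF


def triage(log_text: str) -> list:
    """Return one record per connection thread whose TLS handshake failed."""
    connected = {}  # thread id -> (timestamp of TCP connect, peer address)
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a line in another format
        ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
        thread, msg = m["thread"], m["msg"]
        if c := CONNECTED_RE.match(msg):
            connected[thread] = (ts, c["peer"])
        elif f := FAIL_RE.match(msg):
            code = to_hresult(int(f["code"]))
            start, peer = connected.get(thread, (None, None))
            failures.append({
                "thread": thread,
                "peer": peer,
                "hresult": f"0x{code:08x}",
                "name": HRESULT_NAMES.get(code, "unknown"),
                # seconds between TCP connect and the handshake failure
                "handshake_seconds": (ts - start).total_seconds() if start else None,
            })
    return failures


if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```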

pd
#8 Posted: 3 February 2025, 16:28:53 (UTC)

Quoting Asterix_0712:
It looks like there are no errors; at the same time

Unclear. Send traffic dumps for these cases; a private message is fine.

pd
#9 Posted: 3 February 2025, 16:53:16 (UTC)

Quoting pd:
Quoting Asterix_0712:
It looks like there are no errors; at the same time

Unclear. Send traffic dumps for these cases; a private message is fine.

I looked at a dump on my side; it looks like some kind of problem with TLS 1.3 on the server.

You don't need to send the dumps if this in the stunnel configuration helps:

Code:
sslVersionMax=TLSv1.2
Asterix_0712
#10 Posted: 3 February 2025, 18:24:13 (UTC)

Quoting pd:
some kind of problem with TLS

On my side, I added this to the config file and left only TLS 1.2 enabled (in Internet Options, Advanced).
It did not help.

I sent the network traffic dump by private message.
