Secure websocket connection to stunnel does not work


#1

I want to connect a secure websocket from my Windows laptop to stunnel (running on a Linux box, 192.168.1.254) on port 7379 and receive some notifications on the websocket.

cat stunnel.conf

output = /logs/output.log

[https]
accept = 7379
connect = 7580

debug = 7
cert = /configs/server.crt
key = /configs/private_key.key
ciphers= AES256
TIMEOUTclose = 0

While accessing the link below:
https://192.168.1.254:7379/demo/rest/events/index.html

I got the following error:

The connection to wss://192.168.1.254:7379/m2m/re/subscriptions/[%7B%22topics%22:[%22com/nokia/smarthome/ndm/ALL%22]%7D] was interrupted while the page was loading.

The stunnel log file shows that the server has closed the connection.

]# cat output.log
2017.05.16 17:07:10 LOG5[ui]: stunnel 5.22 on mips-unknown-linux-gnu platform
2017.05.16 17:07:10 LOG5[ui]: Compiled/running with OpenSSL 1.0.2k 26 Jan 2017
2017.05.16 17:07:10 LOG5[ui]: Threading:FORK Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2017.05.16 17:07:10 LOG5[ui]: Reading configuration from file /logs/stunnel.conf
2017.05.16 17:07:10 LOG5[ui]: UTF-8 byte order mark not detected
2017.05.16 17:07:10 LOG5[ui]: FIPS mode disabled
2017.05.16 17:07:10 LOG4[ui]: Insecure file permissions on /configs/private_key.key
2017.05.16 17:07:10 LOG5[ui]: Configuration successful
2017.05.16 17:07:50 LOG7[0]: Service [https] started
2017.05.16 17:07:50 LOG5[0]: Service [https] accepted connection from 192.168.1.84:55396
2017.05.16 17:07:50 LOG7[0]: SSL state (accept): before/accept initialization
2017.05.16 17:07:50 LOG7[0]: SNI: no virtual services defined
2017.05.16 17:07:50 LOG7[0]: SSL state (accept): SSLv3 read client hello A
2017.05.16 17:07:50 LOG7[0]: SSL state (accept): SSLv3 write server hello A
2017.05.16 17:07:50 LOG7[0]: SSL state (accept): SSLv3 write certificate A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 write key exchange A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 write server done A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 flush data
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 read client certificate A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 read client key exchange A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 read certificate verify A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 read finished A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 write change cipher spec A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 write finished A
2017.05.16 17:07:51 LOG7[0]: SSL state (accept): SSLv3 flush data
2017.05.16 17:07:51 LOG7[0]: 1 server accept(s) requested
2017.05.16 17:07:51 LOG7[0]: 1 server accept(s) succeeded
2017.05.16 17:07:51 LOG7[0]: 0 server renegotiation(s) requested
2017.05.16 17:07:51 LOG7[0]: 0 session reuse(s)
2017.05.16 17:07:51 LOG7[0]: 0 internal session cache item(s)
2017.05.16 17:07:51 LOG7[0]: 0 internal session cache fill-up(s)
2017.05.16 17:07:51 LOG7[0]: 1 internal session cache miss(es)
2017.05.16 17:07:51 LOG7[0]: 0 external session cache hit(s)
2017.05.16 17:07:51 LOG7[0]: 0 expired session(s) retrieved
2017.05.16 17:07:51 LOG6[0]: SSL accepted: new session negotiated
2017.05.16 17:07:51 LOG6[0]: No peer certificate received
2017.05.16 17:07:51 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA (256-bit encryption)
2017.05.16 17:07:51 LOG7[0]: Compression: null, expansion: null
2017.05.16 17:07:51 LOG6[0]: failover: round-robin, starting at entry #0
2017.05.16 17:07:51 LOG6[0]: s_connect: connecting ::1:7580
2017.05.16 17:07:51 LOG7[0]: s_connect: s_poll_wait ::1:7580: waiting 10 seconds
2017.05.16 17:07:51 LOG3[0]: s_connect: connect ::1:7580: Connection refused (146)
2017.05.16 17:07:51 LOG6[0]: s_connect: connecting 127.0.0.1:7580
2017.05.16 17:07:51 LOG7[0]: s_connect: s_poll_wait 127.0.0.1:7580: waiting 10 seconds
2017.05.16 17:07:51 LOG5[0]: s_connect: connected 127.0.0.1:7580
2017.05.16 17:07:51 LOG6[0]: persistence: 127.0.0.1:7580 cached
2017.05.16 17:07:51 LOG5[0]: Service [https] connected remote server from 127.0.0.1:51130
2017.05.16 17:07:51 LOG7[0]: Remote socket (FD=7) initialized
2017.05.16 17:08:03 LOG7[0]: SSL alert (read): warning: close notify
2017.05.16 17:08:03 LOG6[0]: SSL closed (SSL_read)
2017.05.16 17:08:03 LOG7[0]: Sent socket write shutdown
2017.05.16 17:08:03 LOG3[0]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2017.05.16 17:08:03 LOG5[0]: Connection closed: 129 byte(s) sent to SSL, 700 byte(s) sent to socket
2017.05.16 17:08:03 LOG7[0]: Remote socket (FD=7) closed
2017.05.16 17:08:03 LOG7[0]: Local socket (FD=3) closed
2017.05.16 17:08:03 LOG7[0]: Service [https] finished
]#

I ran Wireshark on my laptop and sniffed the packets. It just shows that the TCP connection got closed, as a FIN packet was generated from the client.

Can you please let me know how to solve the above issue?
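
An added example, not part of the original posts: a small Python triage of the stunnel debug log in post #1 that pulls out the startup warnings, the negotiated cipher suite, the backend connect attempts, which side sent the TLS close_notify, and the byte counters. The sample lines are copied from that log; the function name and dictionary keys are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the stunnel log in post #1.
SAMPLE_LOG = """\
2017.05.16 17:07:10 LOG4[ui]: Insecure file permissions on /configs/private_key.key
2017.05.16 17:07:50 LOG5[0]: Service [https] accepted connection from 192.168.1.84:55396
2017.05.16 17:07:51 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA (256-bit encryption)
2017.05.16 17:07:51 LOG3[0]: s_connect: connect ::1:7580: Connection refused (146)
2017.05.16 17:07:51 LOG5[0]: s_connect: connected 127.0.0.1:7580
2017.05.16 17:08:03 LOG7[0]: SSL alert (read): warning: close notify
2017.05.16 17:08:03 LOG3[0]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2017.05.16 17:08:03 LOG5[0]: Connection closed: 129 byte(s) sent to SSL, 700 byte(s) sent to socket
"""

# date time, syslog level digit, context ("ui" or a connection id), message
LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\w+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")

def summarize(log_text):
    """Reduce a stunnel debug log to the facts needed to triage a dropped session."""
    s = {"warnings": [], "tls": None, "backend": None, "backend_failures": [],
         "closed_by": None, "to_tls": None, "to_socket": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines
        level, ctx, msg = int(m.group(1)), m.group(2), m.group(3)
        if ctx == "ui" and level <= 4:  # startup warnings and errors
            s["warnings"].append(msg)
        elif n := re.match(r"Negotiated (\S+) ciphersuite (\S+)", msg):
            s["tls"] = n.groups()
        elif n := re.match(r"s_connect: connected (\S+)", msg):
            s["backend"] = n.group(1)
        elif n := re.match(r"s_connect: connect (\S+): (.+)", msg):
            s["backend_failures"].append(n.groups())
        elif msg.startswith("SSL alert (read)") and msg.endswith("close notify"):
            # close_notify read by stunnel, i.e. sent by the TLS peer (the browser here)
            s["closed_by"] = "tls-peer"
        elif n := CLOSED.match(msg):
            s["to_tls"], s["to_socket"] = int(n.group(1)), int(n.group(2))
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the log above, the summary shows a completed TLSv1.2 handshake, a successful backend connection on 127.0.0.1:7580 after the IPv6 attempt was refused, and a close_notify read from the TLS peer, which lines up with the client-side FIN seen in Wireshark.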


#2

Did you ever get an answer to this? Does the HiFi Interface support TLS encryption?