[stunnel-users] No SSL handshake between stunnel in client mode and SSL server

Jose Alf. josealf at rocketmail.com
Thu Jan 26 05:19:00 CET 2012


Denis,

Please review this:

http://stunnel.mirt.net/pipermail/stunnel-users/2011-May/003080.html

In particular, check that you have your signing CA certificates (hashed) in your CApath.

Do the tests with openssl connect and post sanitized results if you are in trouble.


Regards,
Jose



________________________________
 From: Denis Berezhnoy <denis.berezhnoy at gmail.com>
To: Jose Alf. <josealf at rocketmail.com> 
Cc: "stunnel-users at stunnel.org" <stunnel-users at stunnel.org> 
Sent: Wednesday, January 25, 2012 9:55 AM
Subject: Re: [stunnel-users] No SSL handshake between stunnel in client mode and SSL server
 

Hi Jose,
 
Thank you for your reply. I double-checked and there actually is an SSL handshake. Sorry, it was my mistake; I did not analyze the Wireshark capture carefully.

But the handshake failed, and here is the stunnel log:
 
2012.01.25 09:39:58 LOG5[1944:6264]: stunnel 4.52 on x86-pc-mingw32-gnu platform
2012.01.25 09:39:58 LOG5[1944:6264]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.25 09:39:58 LOG5[1944:6264]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6
2012.01.25 09:39:58 LOG5[1944:6264]: Reading configuration from file stunnel.conf
2012.01.25 09:39:58 LOG5[1944:6264]: FIPS mode is enabled
2012.01.25 09:39:58 LOG5[1944:6264]: Configuration successful
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from 192.168.1.161:59519
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected 192.168.160.168:55443
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router connected remote server from 192.168.1.121:52250
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

The server is set up for SSL3.0.
 
Best regards,
Denis


2012/1/24 Jose Alf. <josealf at rocketmail.com>

>Denis,
>
>Looks like your configuration is incomplete. Check the sample stunnel.conf file in the stunnel distribution. Read the man page. Post your log file.
>
>Try adding lines like these before [Router]
>
>sslVersion = SSLv3
>
>cert=stunnel.pem
>key=stunnel.pem
>
># Authentication stuff, try 0 for test
>verify = 0
>
>CApath = /your/CAcerts/path
>
>debug = 7
>output = stunnel.log
>
>________________________________
> From: Denis Berezhnoy <denis.berezhnoy at gmail.com>
>To: stunnel-users at stunnel.org 
>Sent: Tuesday, January 24, 2012 6:10 PM
>Subject: [stunnel-users] No SSL handshake between stunnel in client mode and SSL server
> 
>
>
>Hi guys,
>I have a quick question. I am trying to use stunnel in client mode to encrypt traffic going to my server.
>Basically, I have a server which listens for SSL connections, and I have a client which cannot do SSL but needs to communicate with the server over SSL.
>I set up stunnel in client mode to accept unencrypted traffic from the client and redirect it to the server over SSL. I checked the TCP traffic between stunnel and my server with Wireshark and I can see that there is no SSL handshake; stunnel makes a TCP connection with the server and sends some TCP packets, but I expect to see an SSL handshake.
>My stunnel conf file is here:
>[Router]
>client=yes
>accept = 192.168.1.121:55555
>connect = 192.168.160.168:55443
>Can you please comment on this?
>Best regards,
>Denis
>
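
Added example (an editorial addition, not part of the e-mail thread and not stunnel's own code): a Python log check that reads lines in the format of the stunnel log quoted above, ties each SSL_* error to the remote peer the same stunnel thread connected to, and splits the packed OpenSSL error code into its library, function and reason numbers. The function names and record fields are this example's own, and the 8/12/12-bit code layout assumed is the one used by OpenSSL releases before 3.0.

```python
import re

# Sample input: lines copied from the stunnel log quoted in the thread above.
SAMPLE_LOG = """\
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from 192.168.1.161:59519
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected 192.168.160.168:55443
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router connected remote server from 192.168.1.121:52250
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

LINE_RE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
ERR_RE = re.compile(r"(SSL_\w+): ([0-9A-Fa-f]{8}): error:[0-9A-Fa-f]{8}:([^:]*):([^:]*):(.*)$")
PEER_RE = re.compile(r"connect_blocking: connected (\S+)")

def decode_err(code_hex):
    """Split a packed OpenSSL error code (assumed pre-3.0 layout:
    8-bit library, 12-bit function, 12-bit reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def failed_handshakes(log_text):
    """Return one record per SSL_* error line, with the remote peer that
    the same [pid:thread] connected to earlier in the log."""
    peer_by_thread = {}
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a stunnel log line
        stamp, _level, pid, tid, msg = m.groups()
        peer = PEER_RE.search(msg)
        if peer:
            peer_by_thread[(pid, tid)] = peer.group(1)
        err = ERR_RE.search(msg)
        if err:
            call, code, lib_name, func_name, reason = err.groups()
            lib, func, rsn = decode_err(code)
            failures.append({
                "time": stamp, "call": call, "reason": reason.strip(),
                "peer": peer_by_thread.get((pid, tid), "unknown"),
                "function": func_name, "library": lib_name,
                "lib_no": lib, "func_no": func, "reason_no": rsn,
            })
    return failures

if __name__ == "__main__":
    for f in failed_handshakes(SAMPLE_LOG):
        print(f["time"], f["call"], "to", f["peer"], "failed:", f["reason"])
```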