[stunnel-users] Trouble with smtp client connection and TLS in Windows

David Schomaker david at schomaker.net
Tue Sep 11 05:32:18 CEST 2012


I need to configure stunnel to connect to smtp via TLS and am not able to get it to work either running 4.53 or 4.54beta. Perhaps I have the conf file created incorrectly.

The stunnel.conf is as follows:
+++++++++++++++++++++++++++++++++++++++ 
; Debugging stuff (may useful for troubleshooting)
debug = 7
output = c:\temp\stunnel.log

; Disable FIPS mode to allow non-approved protocols and algorithms
;fips = no

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2

[SMARSH-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.smarshmail.com:995

[SMARSH-smtp]
client = yes
SSLversion=TLSv1
accept = 127.0.0.1:25
connect = smtp.smarshmail.com:587
+++++++++++++++++++++++++

Pop works great. The log on an smtp session is as follows:

+++++++++++++++++++++++++
2012.09.10 12:48:31 LOG7[1984:300]: Service [SMARSH-smtp] accepted (FD=508) from 127.0.0.1:49517
2012.09.10 12:48:31 LOG7[1984:300]: Creating a new thread
2012.09.10 12:48:31 LOG7[1984:300]: New thread created
2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] started
2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] accepted connection from 127.0.0.1:49517
2012.09.10 12:48:31 LOG6[1984:2796]: connect_blocking: connecting 199.47.168.58:587
2012.09.10 12:48:31 LOG7[1984:2796]: connect_blocking: s_poll_wait 199.47.168.58:587: waiting 10 seconds
2012.09.10 12:48:31 LOG5[1984:2796]: connect_blocking: connected 199.47.168.58:587
2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] connected remote server from 192.168.108.158:49518
2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) initialized
2012.09.10 12:48:31 LOG7[1984:2796]: SNI: host name: smtp.smarshmail.com
2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): before/connect initialization
2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): SSLv3 write client hello A
2012.09.10 12:48:31 LOG7[1984:2796]: SSL alert (write): fatal: protocol version
2012.09.10 12:48:31 LOG3[1984:2796]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.09.10 12:48:31 LOG5[1984:2796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) closed
2012.09.10 12:48:31 LOG7[1984:2796]: Local socket (FD=508) closed
2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] finished (0 left)
2012.09.10 12:48:40 LOG7[1984:300]: Dispatching signals from the signal pipe
2012.09.10 12:48:43 LOG7[1984:300]: Processing SIGNAL_TERMINATE
2012.09.10 12:48:43 LOG5[1984:300]: Terminated
++++++++++++++++++++++++++

Is sTunnel using SSLv3 rather than TLSv1? If so how do I force TLS?

Thanks...





More information about the stunnel-users mailing list