[stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?

• Previous message (by thread): [stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?
• Next message (by thread): [stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On Dec 18, 2014, at 08:27, H.U.Flück <huf at inomatix.com> wrote: The
> error thrown is something like: Dec 17 17:30:23 srvabas stunnel:
> LOG3[3385:140171595282368]: SSL_accept: 140760FC:
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
> protocol
> 
> What are we missing? Do we need to change the configuration?

I downloaded the source packages to identify the exact change they made.
The only difference between the previous and the updated version is
that the new one configures stunnel with:

configure --enable-fips --enable-ipv6 \
  CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"

rather than:

configure --disable-fips --enable-ipv6 \
  CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"

The update doesn't change anything in the source code of stunnel.

In stunnel 4.x FIPS mode is enabled by default.  You may disable it
with "fips = no".  In order to get your configuration working without
disabling FIPS mode you may also try "sslVersion = TLSv1".

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSXEOoACgkQ/NU+nXTHMtFBIgCaAth7QWGcFm4kaCNtqW70mQcC
RKEAoN8i3Eb+bf9Qy0zWiITVX2hGYY/z
=5kyW
-----END PGP SIGNATURE-----

• Previous message (by thread): [stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?
• Next message (by thread): [stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]