<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:inherit;
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
h2
{mso-style-priority:9;
mso-style-link:"Überschrift 2 Zchn";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;}
span.berschrift2Zchn
{mso-style-name:"Überschrift 2 Zchn";
mso-style-priority:9;
mso-style-link:"Überschrift 2";
font-family:"Calibri",sans-serif;
mso-fareast-language:DE;
font-weight:bold;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=DE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal style='vertical-align:baseline'><span lang=EN-US style='font-size:10.0pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>Hi,<o:p></o:p></span></p><p class=MsoNormal style='vertical-align:baseline'><span lang=EN-US style='font-size:10.0pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>I have set up Stunnel as SSL Wrapper for googlemail on a Redhat Enterprise Linux 7.2 installation.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:14.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>The stunnel.conf:<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>output = /var/log/stunnel.log <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>cert = /etc/pki/tls/certs/2019stunnel.pem <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>client = yes <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>sslVersion = TLSv1 <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>;fips=no <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>[ssmtp] <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>accept = 1925<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>connect=smtp.googlemail.com:587<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>lets me start stunned well.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>I have created the file 2019stunnel.pem following the Instructions on Redhat:<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>make 2019stunnel.pem in the correct directory (certs)<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>now I tried to telnet localhost 1925; I get a “connected”, but nothing more. telnet smtp.googlemail 587 runs very well, I get connected, so I assume it is not a firewall issue.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>I checked the options <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>sslVersion = TLSv1 and <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>sslVersion = all alternatively, which led to different errors in stunnel.log:<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>Service [ssmtp] accepted connection from 127.0.0.1:49723 2019.01.04 14:45:01 LOG3[4500:140416608397056]: connect_blocking: connect 2a00:1450:400c:c0c::10:587: Network is unreachable (101) 2019.01.04 14:45:01 LOG5[4500:140416608397056]: connect_blocking: connected 74.125.140.16:587 2019.01.04 14:45:01 LOG5[4500:140416608397056]: Service [ssmtp] connected remote server from 192.168.178.57:44246 2019.01.04 14:45:01 LOG3[4500:140416608397056]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2019.01.04 14:45:01 LOG5[4500:140416608397056]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2019.01.04 14:54:24 LOG5[4500:140416608249920]: Terminated<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>or<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>Service [ssmtp] accepted connection from 192.168.178.57:57612 2019.01.04 14:54:36 LOG5[7437:139957105055488]: connect_blocking: connected 173.194.76.16:587 2019.01.04 14:54:36 LOG5[7437:139957105055488]: Service [ssmtp] connected remote server from 192.168.178.57:52192 2019.01.04 14:54:36 LOG3[7437:139957105055488]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2019.01.04 14:54:36 LOG5[7437:139957105055488]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>Now Open SSL:<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>Openssl output:<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>openssl s_client -connect localhost:1925 CONNECTED(00000003)<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>write:errno=104<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>no peer certificate available<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>No client certificate CA names sent<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>SSL handshake has read 0 bytes and written 289 bytes<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1546610402 Timeout : 300 (sec) Verify return code: 0 (ok)<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;vertical-align:baseline'><span lang=EN-US style='font-size:11.5pt;font-family:"inherit",serif;color:#242729;mso-fareast-language:DE'>What do I miss here; what is running wrong ?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-family:Helvetica;mso-fareast-language:DE'>Mit freundlichen Grüßen/ best regards</span><span style='font-size:16.0pt;font-family:"Cambria",serif;mso-fareast-language:DE'><o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-family:Helvetica;mso-fareast-language:DE'> </span><span style='font-size:16.0pt;font-family:"Cambria",serif;mso-fareast-language:DE'><o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-family:Helvetica;mso-fareast-language:DE'>Klaus Klöser<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><o:p> </o:p></p></div></body></html>