A possible solution to the question below that I asked was to create a 64B/512b PSK and share that with the server -- then the next issue surfaced when trying to connect: TLS - Close Notify (I believe from the server's side).

Also I changed to:

    sslVersionMin = TLSv1.2
    sslVersionMax = TLSv1.2

And if it was not before:

    client = yes

On Fri, May 12, 2023 at 8:32 AM <trashrap22@gmail.com> wrote:
I get the following error running 'sudo service stunnel4 status':

    LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Is that merely a mismatch between OpenSSL versions used by client and server?

I have tried changing the config file options, also with no specification since the default according to stunnel.org is:

    options = NO_SSLv2
    options = NO_SSLv3

I have tried (service level option):

    sslVersion = TLSv1

Same error. When running sudo service stunnel4 status after start:

    May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
    May 12 08:22:45 user-Linux stunnel4[16616]: Starting TLS tunnels: /etc/stunnel/stunnel.conf: started
    May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
    May 12 08:22:45 user-Linux systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).
    May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: UTF-8 byte order mark not detected
    May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: FIPS mode disabled
    May 12 08:22:45 user-Linux stunnel[16630]: LOG4[ui]: Insecure file permissions on /var/lib/stunnel4/psk.txt
    May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Configuration successful
    May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Switched to chroot directory: /var/lib/stunnel4/
    May 12 08:22:45 user-Linux stunnel[16632]: LOG5[cron]: Updating DH parameters

After trying to make a connection via FIX connection:

    May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service [**redacted**] started
    May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Setting local socket options (FD=3)
    May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Option TCP_NODELAY set on local socket
    May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Service [**redacted**] accepted connection from 127.0.0.1:51954
    May 12 08:28:04 user-Linux stunnel[16798]: LOG6[0]: Peer certificate not required
    May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: TLS state (accept): before SSL initialization
    May 12 08:28:04 user-Linux stunnel[16798]: LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
    May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Local descriptor (FD=3) closed
    May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service [**redacted**] finished (0 left)
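One place `wrong version number` can come from, shown as an added example that is not part of the original messages and is not stunnel or OpenSSL code: the sketch reads the first five bytes of a connection as a TLS record header would be read. It assumes the local application sent plaintext FIX to a service that was accepting in server mode; the function name and both sample byte strings are constructed.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def classify_first_bytes(data: bytes) -> dict:
    """Parse the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        return {"verdict": "too_short"}
    ctype, version, length = struct.unpack("!BHH", data[:5])
    result = {"content_type": ctype,
              "version": f"0x{version:04x}",
              "length": length}
    # A TLS record always carries major version 3 (0x0301..0x0304).
    if (version >> 8) == 3 and ctype in TLS_CONTENT_TYPES:
        result["verdict"] = "tls_record"
    elif data.startswith(b"8=FIX"):
        # FIX messages start with tag 8 (BeginString) in clear text.
        result["verdict"] = "plaintext_fix"
    else:
        result["verdict"] = "not_tls"
    return result


# Constructed sample: a FIX logon with placeholder field values.
FIX_LOGON = (b"8=FIX.4.4\x019=63\x0135=A\x0134=1\x0149=CLIENT\x01"
             b"56=SERVER\x0198=0\x01108=30\x0110=000\x01")

# Constructed sample: header of a handshake record as a TLS 1.2 client
# commonly sends it (the record layer version is often 0x0301 here).
TLS_CLIENT_HELLO_HEADER = bytes([0x16, 0x03, 0x01, 0x00, 0xC8])

if __name__ == "__main__":
    for name, sample in (("FIX logon", FIX_LOGON),
                         ("TLS ClientHello", TLS_CLIENT_HELLO_HEADER)):
        print(name, classify_first_bytes(sample))
```

With the FIX sample, the bytes `=F` land in the version field, so a TLS endpoint sees record version 0x3d46 rather than 0x03xx.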