Hi Jose,
Thank you for your reply. I double-checked, and there actually is an SSL handshake. Sorry, it was my mistake; I did not analyze the Wireshark capture carefully.
But the handshake failed, and here is the stunnel log:
2012.01.25 09:39:58 LOG5[1944:6264]: stunnel 4.52 on x86-pc-mingw32-gnu platform
2012.01.25 09:39:58 LOG5[1944:6264]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.25 09:39:58 LOG5[1944:6264]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6
2012.01.25 09:39:58 LOG5[1944:6264]: Reading configuration from file stunnel.conf
2012.01.25 09:39:58 LOG5[1944:6264]: FIPS mode is enabled
2012.01.25 09:39:58 LOG5[1944:6264]: Configuration successful
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from 192.168.1.161:59519
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected 192.168.160.168:55443
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router connected remote server from 192.168.1.121:52250
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Server is set up for SSL3.0.
Best regards, Denis
2012/1/24 Jose Alf. [email protected]
Denis,
Looks like your configuration is incomplete. Check the sample stunnel.conf file in the stunnel distribution. Read the man page. Post your log file.
Try adding lines like these before [Router]:

sslVersion = SSLv3

cert=stunnel.pem
key=stunnel.pem

# Authentication stuff, try 0 for test
verify = 0
CApath = /your/CAcerts/path

debug = 7
output = stunnel.log
*From:* Denis Berezhnoy [email protected]
*To:* [email protected]
*Sent:* Tuesday, January 24, 2012 6:10 PM
*Subject:* [stunnel-users] No SSL handshake between stunnel in client mode and SSL server
Hi guys,

I have a quick question. I am trying to use stunnel in client mode to encrypt traffic going to my server. Basically, I have a server which listens for SSL connections. And I have a client which cannot do SSL, but it needs to communicate with the server over SSL. I set up stunnel in client mode to accept unencrypted traffic from the client and redirect it to the server over SSL. I checked TCP traffic with Wireshark between stunnel and my server, and I can see that there is no SSL handshake: stunnel makes a TCP connection with the server and sends some TCP packets, but I expect to see an SSL handshake.

My stunnel conf file is here:

[Router]
client=yes
accept = 192.168.1.121:55555
connect = 192.168.160.168:55443

Can you please comment on this?

Best regards,
Denis
stunnel-users mailing list [email protected] http://stunnel.mirt.net/mailman/listinfo/stunnel-users
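
Added example, not part of the original thread and not stunnel's own code: a small Python triage script for stunnel logs in the format quoted above. It groups records by thread id, pulls out the client, the peer and the decoded OpenSSL error for each failed connection, and records the startup OpenSSL build and FIPS state, since OpenSSL in FIPS mode permits only TLS. The function name `triage` and the record layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# Log lines copied from the stunnel log quoted in this thread.
SAMPLE_LOG = """\
2012.01.25 09:39:58 LOG5[1944:6264]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.25 09:39:58 LOG5[1944:6264]: FIPS mode is enabled
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from 192.168.1.161:59519
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected 192.168.160.168:55443
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
SSL_ERR = re.compile(r"^(SSL_\w+): \w+: error:([0-9A-Fa-f]+):([^:]*):([^:]*):(.*)$")

def triage(log_text):
    """Return (startup facts, per-thread records for threads with SSL errors)."""
    facts = {"openssl": None, "fips": False}
    threads = defaultdict(lambda: {"service": None, "client": None, "peer": None, "errors": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a stunnel log record
        _ts, level, _pid, tid, msg = m.groups()
        rec = threads[tid]
        if msg.startswith("Compiled/running with OpenSSL "):
            facts["openssl"] = msg.split("OpenSSL ", 1)[1].split()[0]
        elif msg == "FIPS mode is enabled":
            facts["fips"] = True
        elif (a := re.match(r"Service (\S+) accepted connection from (\S+)", msg)):
            rec["service"], rec["client"] = a.groups()
        elif (c := re.match(r"connect_blocking: connected (\S+)", msg)):
            rec["peer"] = c.group(1)
        elif level == "3" and (e := SSL_ERR.match(msg)):
            call, code, _lib, func, reason = e.groups()
            rec["errors"].append({"call": call, "code": code, "func": func, "reason": reason})
    failed = {tid: r for tid, r in threads.items() if r["errors"]}
    return facts, failed

if __name__ == "__main__":
    facts, failed = triage(SAMPLE_LOG)
    print(facts)
    for tid, r in failed.items():
        print(tid, r["service"], r["client"], "->", r["peer"], r["errors"])
```

Running it with `debug = 7` output gives more records per thread; lines the script does not recognise are ignored.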