[stunnel-users] stunnel compatibility problems between Windows & Linux ?
Ewald
stunnel at oiepoie.nl
Mon Oct 26 18:06:14 CET 2009
I am running an stunnel in chroot setup on a Red Hat Enterprise Linux Server
(v3) :
stunnel 4.27 on x86_64-unknown-linux-gnu with OpenSSL 0.9.7a Feb 19 2003
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
And I want to connect from a Windows 2003 system (also version 4.27)
When I try to do a basic connect from the Windows stunnel to the Linux
stunnel, the connection gets reset each time, ssldump shows:
New TCP connection #1: hans13(1363) <-> nada(25000)
1 1 0.0000 (0.0000) C>S Handshake
ClientHello
Version 3.0
cipher suites
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0x33
Unknown value 0x32
Unknown value 0x2f
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
compression methods
unknown value
NULL
1 2 0.0000 (0.0000) S>C Alert
level fatal
value handshake_failure
1 0.0000 (0.0000) S>C TCP RST
Stunnel logging shows:
2009.10.26 10:37:25 LOG7[29959:1073879408]: xxx started
2009.10.26 10:37:25 LOG7[29959:1073879408]: FD 7 in non-blocking mode
2009.10.26 10:37:25 LOG5[29959:1073879408]: tfe accepted connection from 10.10.10.10:1250
2009.10.26 10:37:25 LOG7[29959:1073879408]: SSL state (accept): before/accept initialization
2009.10.26 10:37:25 LOG7[29959:1073879408]: SSL alert (write): fatal: handshake failure
2009.10.26 10:37:25 LOG3[29959:1073879408]: SSL_accept: 1408A09F: error:1408A09F:SSL routines:SSL3_GET_CLIENT_HELLO:length mismatch
2009.10.26 10:37:25 LOG5[29959:1073879408]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.10.26 10:37:25 LOG7[29959:1073879408]: xxx finished (-1 left)
When I explicitly configure the Windows stunnel to use:
sslVersion = SSLv2
or
sslVersion = TLSv1 (see ssldump logging below)
everything works fine.
Is this a known bug or an undocumented feature?
Ewald...
New TCP connection #3: hans13.amc.nl(1367) <-> nada.amc.nl(25000)
3 1 0.0000 (0.0000) C>S Handshake
ClientHello
Version 3.1
resume [32]=
b8 a1 d2 93 6a ae 4a 0d 49 04 cd 88 92 75 f1 6d
d7 65 88 c3 01 51 bf eb d4 44 ce b7 fd 75 32 64
cipher suites
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0x33
Unknown value 0x32
Unknown value 0x2f
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
compression methods
unknown value
NULL
3 2 0.0000 (0.0000) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
b8 a1 d2 93 6a ae 4a 0d 49 04 cd 88 92 75 f1 6d
d7 65 88 c3 01 51 bf eb d4 44 ce b7 fd 75 32 64
cipherSuite Unknown value 0x35
compressionMethod NULL
etc...
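
An added example, not part of the original post and not OpenSSL's code: a minimal ClientHello parser that walks the length-prefixed fields and reports where the internal lengths stop agreeing with the handshake header, which is the kind of consistency check a "length mismatch" error on a ClientHello refers to. It does not diagnose the failure reported above; the messages are constructed, the function names are hypothetical, and only the cipher suite values are taken from the dump.

```python
import struct

# Cipher suite values taken from the ClientHello in the dump above.
SUITES = [0x39, 0x38, 0x35, 0x33, 0x32, 0x2F]

def build_client_hello(version, suites, session_id=b"", trailing=b""):
    """Constructed sample handshake message (no record-layer header)."""
    body = bytes(version) + bytes(32)            # version + all-zero "random"
    body += bytes([len(session_id)]) + session_id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                          # one compression method: NULL
    body += trailing                             # bytes after the last known field
    return b"\x01" + len(body).to_bytes(3, "big") + body

def check_client_hello(msg):
    """Return (version, suites, leftover); ValueError if a field overruns."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    n = int.from_bytes(msg[1:4], "big")
    body = msg[4:]
    if len(body) != n:
        raise ValueError("handshake header length does not match data")
    pos = 0

    def take(k):
        nonlocal pos
        if pos + k > n:
            raise ValueError("length mismatch: field overruns message")
        chunk = body[pos:pos + k]
        pos += k
        return chunk

    version = tuple(take(2))
    take(32)                                     # random
    take(take(1)[0])                             # session id
    cs_len = int.from_bytes(take(2), "big")
    if cs_len % 2:
        raise ValueError("odd cipher suite list length")
    raw = take(cs_len)
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    take(take(1)[0])                             # compression methods
    return version, suites, n - pos              # leftover > 0: extra data

if __name__ == "__main__":
    for label, extra in (("exact", b""), ("extra data", b"\x00\x02\xaa\xbb")):
        hello = build_client_hello((3, 0), SUITES, trailing=extra)
        print(label, check_client_hello(hello))
```

A non-zero leftover means bytes follow the compression methods inside the handshake message; whether a server ignores or rejects them depends on the implementation and the protocol version offered.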