[stunnel-users] Weird error when trying to use 512bit RSA key

Leandro Avila leandro.avila at ymail.com
Tue Apr 12 07:52:06 CEST 2011

The problem seems to be the key size

If you use a 512 key for stunnel it works

However, when the key used by stunnel is 1024 and you try to use 

the EXP-RC4-MD5 cipher, a temporary 512 key is generated BUT
that fails. 

So I tested: 

Stunnel 4.35 and OpenSSL 1.0.0d

Using a 512 RSA key and EXP-RC4-MD5 works
Using a 1025 RSA key and EXP-RC4-MD5 fails

Looks more like an OpenSSL thing. I'm uncertain about how this
situation is handled in the protocol spec. When the server has a
1024 key but the client wants to negotiate with a smaller key.

Leandro Avila

----- Original Message -----
From:Outofwall.com <root at outofwall.com>
To:stunnel-users-bounces at stunnel.org; stunnel-users at stunnel.org
Sent:Monday, April 11, 2011 10:39 PM
Subject:Re: [stunnel-users] Weird error when trying to use 512bit RSA key

In fact, I'm using TLSv1, just use the custom ciphers list. Here's
what I have on the server side:

ciphers EXP-RC4-MD5:ALL

and test

sunyc at www:~$ openssl s_client -tls1 -connect ssl.sgivpn.info:443
-cipher EXP-RC4-MD5
depth=0 /C=US/ST=CA/O=XXX
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=CA/O=XXX
verify return:1
32684:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1093:SSL alert number 40
32684:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake

Apr 11 18:57:35 localhost stunnel: LOG3[8319:139884220368640]:
SSL_accept: 1409B11A: error:1409B11A:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:error generating tmp rsa key

Both client and server is running ubuntu 10.04, with openssl 0.9.8k I think.

stunnel-users mailing list
stunnel-users at stunnel.org

More information about the stunnel-users mailing list