[stunnel-users] Problems with Stunnel 4.5*

Sun Dec 11 23:39:34 CET 2011

Hello,

many thanks for your answer.

> And convert your PKCS12 couple key/cert to PEM format

Convert? I've generated my certificate/priv-key pair by:
openssl genpkey -algorithm RSA -aes128 -pkeyopt rsa_keygen_bits:4096 -out
key.pem
openssl req -new -x509 -sha384 -priv_key.pem -verify -config openssl.conf
-out cert.pem

And with Stunnel 4.47 (OpenSSL 1.0) there are no problems.

> Then for compatible ciphers choose,this is the build in in openssl of
> stunnel 4.50 or 4.51 :
> ...
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

"AES128-SHA" means SHA1 and not SHA2 (e.g. SHA384), right?
Stunnel 4.5* (OpenSSL 0.9.8-fips) would therefore support only SHA1 (and
MD5). This would be very a pity because SHA1 is contested.

Is FIPS really so important that a Downgrade of OpenSSL from 1.0 on 0.9.8 is
acceptable?

Regards
Sebastian

> Hi,
> 
> Your log said there is a problem with your cert/key.
> 
> Your certificate/priv-key pair must be in RSA or DSA format key.
> 
> IDEA and RSA are part of ciphers, not part of key/cert.
> 
> Use openssl given to you to make this manipations :
> - Open CMD windows with administrator right
> - cd C:\Program Files (x86)\stunnel
> 
> 
> And convert your PKCS12 couple key/cert to PEM format by this :
> 
> # export certificate and passphrase-less key
> openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes
> 
> # same as above, but you'll be prompted for a passphrase for
> # the private key
> openssl pkcs12 -in mycert.pfx -out mycert.pem
> 
> 
> Then verify that you PEM file is valid by that :
> 
> openssl verify mycert.pem
> 
> If it is ok, then put in your stunnel.conf
> cert = mycert.pem
> 
> And Retry.
> 
> 
> Then for compatible ciphers choose,this is the build in in openssl of
> stunnel 4.50 or 4.51 :
> 
> 
> C:\>cd C:\Program Files (x86)\stunnel
> 
> C:\Program Files (x86)\stunnel>openssl.exe ciphers -v
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
> DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
> IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
> IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
> RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
> RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
> RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
> RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
> EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
> EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
> DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
> DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1
> export
> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1
> export
> EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
> EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
> EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
> EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
> EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
> 
> 
> 
> 
> Ludovic.
> 
> 
> > Hello Mike,
> >
> > I can make only a statement about the Non-FIPS mode, because Stunnel
> 4.5*
> > starts only if "fips = no" is set (without Windows gives an error
> message).
> >
> > I have tested both a RSA-SHA384/AES128 certificate/priv-key pair and
> a
> > RSA-RMD160/IDEA certificate/priv-key pair. Both does not work.
> > (SHA384/AES128 is validated by FIPS 140-2, but not provided by
> PKCS12. Could
> > it be due to it?)
> >
> > Yours sincerely
> > Sebastian
> >
> >> Sebastian Rose-Indorf wrote:
> >>> Stunnel 4.51b1 however
> >>> - starts only if "fips = no" is set;
> >>> - not accepts my certificate and my private key (SHA384 or RMD160,
> >>> AES128
> >>> or IDEA) any more:
> >>>
> >>> error queue: 140B0009: error:140B0009:SSL
> >>> routines:SSL_CTX_use_PrivateKey_file:PEM lib
> >>> error queue: 907B00D: error:0907B00D:PEM
> >>> routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib
> >>> error queue: 2306A075: error:2306A075:PKCS12
> >>> routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
> >>> error queue: 23077073: error:23077073:PKCS12
> >>> routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
> >>> SSL_CTX_use_PrivateKey_file: 6074079: error:06074079:digital
> envelope
> >>> routines:EVP_PBE_CipherInit:unknown pbe algorithm
> >> Do you mean that stunnel does not accept non-FIPS-approved
> algorithms
> >> in FIPS mode?  I suppose this is something to to be expected...
> >>
> >> Or maybe you rather mean that in FIPS mode it does not start at all
> >> (what does it mean exactly?), and with FIPS mode turned off you
> still
> >> can't use non-FIPS algorithms?
> >>
> >> This essay may be helpful:
> >> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
> >>
> >> BTW: While it's perfectly okay that OpenSSL doesn't accept IDEA as
> PBE
> >> algorithm (who would want to use IDEA, anyway), I'm surprised there
> >> are also problems with AES128.  It might be a good idea to report it
> >> to openssl-users mailing list...
> >>
> >> Mike
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users