[stunnel-users] server does not send its cert?

Keresztfalvi Laszlo lkereszt at gmail.com
Tue Feb 14 13:54:35 CET 2012


One more thing..

2012.02.14 13:13:32 LOG6[87260:136504]: Negotiated ciphers: RC4-SHA SSLv3
Kx=RSA Au=RSA *Enc=RC4(128)* Mac=SHA1

RC4 128-bit is not something that considered secure. I don't know why this
was choosen but probably this caused that FIPS mode rejected the connection?

Best Regards,
Laszlo


On Tue, Feb 14, 2012 at 13:29, Keresztfalvi Laszlo <lkereszt at gmail.com>wrote:

> Jose,
>
> Oh, yeah! This solved the problem!
>
> Actually, *fips = no* alone was enough to let the certs meet.
>
> Previously, I just didn't bothered the FIPS setting since I couldn't
> imagine that non-approved protocols would be used or any crypto/algo
> deviances would show up.. in such a simple case :) It was very frustrating
> that the OpenSSL test commands (s_server, s_client) worked.
>
> You may leave this solution visible for Google or extend the documentation
> / FAQ  to help others.. No relevant document showed up for the next search
> strings:
>
> SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher
>  SSL3_READ_BYTES:sslv3 alert unexpected message
>
> Thank you very very much!
> Laszlo
>
>
>
> On Tue, Feb 14, 2012 at 12:06, <josealf at rocketmail.com> wrote:
>
>> Laszlo,
>>
>> Please add
>>
>>  key=stunnel.pem
>>  fips=no
>>
>>  to your config files.
>> Make sure stunnel.pem contains the certifcate and private key for each
>> computer. Try again and let us know the results.
>>
>> Regards
>> Jose
>>
>> -----Original Message-----
>> From: Keresztfalvi Laszlo <lkereszt at gmail.com>
>> Sender: stunnel-users-bounces at stunnel.org
>> Date: Tue, 14 Feb 2012 10:05:15
>> To: <stunnel-users at stunnel.org>
>> Subject: [stunnel-users] server does not send its cert?
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120214/f950d205/attachment.html>


More information about the stunnel-users mailing list