[stunnel-users] No SSL handshake between stunnel in client mode and SSL server
josealf at rocketmail.com
Thu Jan 26 05:19:00 CET 2012
Please review this:
In particular, check that you have your signing CA certificates (hashed) in your CaPath.
Do the tests with openssl connect and post sanitized results if you are in trouble.
From: Denis Berezhnoy <denis.berezhnoy at gmail.com>
To: Jose Alf. <josealf at rocketmail.com>
Cc: "stunnel-users at stunnel.org" <stunnel-users at stunnel.org>
Sent: Wednesday, January 25, 2012 9:55 AM
Subject: Re: [stunnel-users] No SSL handshake between stunnel in client mode and SSL server
Thank you for your reply. I double checked and actually there is SSL handshake. Sorry, it was my mistake I did not analyze WireShark capture carefully.
But handshake failed and here is stunnel log:
2012.01.25 09:39:58 LOG5[1944:6264]: stunnel 4.52 on x86-pc-mingw32-gnu platform
2012.01.25 09:39:58 LOG5[1944:6264]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.25 09:39:58 LOG5[1944:6264]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6
2012.01.25 09:39:58 LOG5[1944:6264]: Reading configuration from file stunnel.conf
2012.01.25 09:39:58 LOG5[1944:6264]: FIPS mode is enabled
2012.01.25 09:39:58 LOG5[1944:6264]: Configuration successful
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from 192.168.1.161:59519
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected 192.168.160.168:55443
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router connected remote server from 192.168.1.121:52250
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Server is setup for SSL3.0.
2012/1/24 Jose Alf. <josealf at rocketmail.com>
>Looks like your configuration is incomplete. Check the sample stunnel.conf file in the stunnel distribution. Read the man page. Post your log file.
>Try adding lines like these before [Router]
>sslVersion = SSLv3
># Authentication stuff, try 0 for test
>verify = 0
>CApath = /your/CAcerts/path
>debug = 7
>output = stunnel.log
> From: Denis Berezhnoy <denis.berezhnoy at gmail.com>
>To: stunnel-users at stunnel.org
>Sent: Tuesday, January 24, 2012 6:10 PM
>Subject: [stunnel-users] No SSL handshake between stunnel in client mode and SSL server
>I have a quick question. I am trying to use stunnel in client mode to encrypt traffic going to my server.
>Basically, I have a server which listens for SSL connection. And I have a client which can not do SSL but it needs to communicate with server over SSL.
>I setup stunnel in client mode to accept unecrypted traffic from client and redirect it to server over SSL. I checked TCP traffic with WireShark between stunnel and my server and I can see that there is no SSL handshake, stunnel makes TCP connection with server and sends some TCP packets but I expect to see SSL handshake.
>My stunnel conf file is here:
>accept = 192.168.1.121:55555
>connect = 192.168.160.168:55443
>Can you please comment on this?
>stunnel-users mailing list
>stunnel-users at stunnel.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users