[stunnel-users] No SSL handshake between stunnel in client mode and SSL server

Jose Alf. josealf at rocketmail.com
Thu Jan 26 05:19:00 CET 2012


Please review this:


In particular, check that you have your signing CA certificates (hashed) in your CaPath.

Do the tests with openssl connect and post sanitized results if you are in trouble.


 From: Denis Berezhnoy <denis.berezhnoy at gmail.com>
To: Jose Alf. <josealf at rocketmail.com> 
Cc: "stunnel-users at stunnel.org" <stunnel-users at stunnel.org> 
Sent: Wednesday, January 25, 2012 9:55 AM
Subject: Re: [stunnel-users] No SSL handshake between stunnel in client mode and SSL server

Hi Jose,
Thank you for your reply. I double checked and actually there is an SSL handshake. Sorry, it was my mistake; I did not analyze the Wireshark capture carefully.
But the handshake failed, and here is the stunnel log:
2012.01.25 09:39:58 LOG5[1944:6264]: stunnel 4.52 on x86-pc-mingw32-gnu platform
2012.01.25 09:39:58 LOG5[1944:6264]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.25 09:39:58 LOG5[1944:6264]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6
2012.01.25 09:39:58 LOG5[1944:6264]: Reading configuration from file stunnel.conf
2012.01.25 09:39:58 LOG5[1944:6264]: FIPS mode is enabled
2012.01.25 09:39:58 LOG5[1944:6264]: Configuration successful
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected
2012.01.25 09:40:13 LOG5[1944:4724]: Service Router connected remote server from
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Server is set up for SSL3.0.
Best regards,

2012/1/24 Jose Alf. <josealf at rocketmail.com>

>Looks like your configuration is incomplete. Check the sample stunnel.conf file in the stunnel distribution. Read the man page. Post your log file.
>Try adding lines like these before [Router]
>sslVersion = SSLv3
># Authentication stuff, try 0 for test
>verify = 0
>CApath = /your/CAcerts/path
>debug = 7
>output = stunnel.log
> From: Denis Berezhnoy <denis.berezhnoy at gmail.com>
>To: stunnel-users at stunnel.org 
>Sent: Tuesday, January 24, 2012 6:10 PM
>Subject: [stunnel-users] No SSL handshake between stunnel in client mode and SSL server
>Hi guys, 
>I have a quick question. I am trying to use stunnel in client mode to encrypt traffic going to my server.
>Basically, I have a server which listens for SSL connections. And I have a client which cannot do SSL but needs to communicate with the server over SSL.
>I set up stunnel in client mode to accept unencrypted traffic from the client and redirect it to the server over SSL. I checked the TCP traffic between stunnel and my server with Wireshark and I can see that there is no SSL handshake: stunnel makes a TCP connection with the server and sends some TCP packets, but I expect to see an SSL handshake.
>My stunnel conf file is here:
>accept =
>connect =
>Can you please comment on this?
>Best regards,
>stunnel-users mailing list
>stunnel-users at stunnel.org
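
An added example, not part of the original thread or of stunnel: OpenSSL reports `wrong version number` from `SSL3_GET_RECORD` when the version field in the record header it received is not the one it expects, so a useful first check is to classify the first bytes the server actually sent (for example, copied from the Wireshark capture). The function name and the sample byte strings are constructed for illustration.

```python
import struct

# Record-layer content types and version codes used by SSL 3.0 / TLS.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_first_bytes(data, expected="SSLv3"):
    """Classify the first bytes a peer sent on a connection expected to carry SSL/TLS."""
    if len(data) < 5:
        return "too short to hold a 5-byte record header"
    # Header layout: content type (1), version major/minor (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3:
        name = VERSIONS.get((major, minor), "unknown 3.%d" % minor)
        kind = CONTENT_TYPES[ctype]
        if name != expected:
            return "%s record (%s), but %s was expected" % (name, kind, expected)
        return "%s record (%s), length %d" % (name, kind, length)
    # SSLv2-style header: high bit set in byte 0, message type in byte 2
    # (1 = client hello, 4 = server hello).
    if data[0] & 0x80 and data[2] in (1, 4):
        return "SSLv2-style hello"
    # Printable ASCII usually means the peer answered in cleartext.
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data[:16]):
        return "plaintext, not SSL/TLS: %r" % data[:16]
    return "unrecognised binary data"


# Constructed sample inputs (not taken from the thread's capture).
SAMPLES = {
    "sslv3 handshake": b"\x16\x03\x00\x00\x4a\x02\x00\x00\x46",
    "tls1.0 alert": b"\x15\x03\x01\x00\x02\x02\x46",
    "cleartext banner": b"220 mail ready\r\n",
    "sslv2 hello": b"\x80\x2e\x01\x00\x02",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print("%-18s -> %s" % (label, classify_first_bytes(raw)))
```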
