[stunnel-users] unknown protocol

Brandon Glenn kocrachon at gmail.com
Fri Jan 11 23:08:47 CET 2013


  I am currently trying to setup stunnel to help me send emails from a
program that sends alerts but does not use SSL, to a cloud email service
that I use that requires SSL. I have the configuration setup trying to find
out where the error is, and I am down to this last error.



SSL23_GET_CLIENT_HELLO:unknown protocol



Here is my config file.



; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2012

; Some options used here may be inadequate for your particular configuration

; This sample file does *not* represent stunnel.conf defaults

; Please consult the manual for detailed description of available options



; **************************************************************************

; * Global options                                                         *

; **************************************************************************



; Debugging stuff (may useful for troubleshooting)

;debug = 7

;output = stunnel.log



; Disable FIPS mode to allow non-approved protocols and algorithms

fips = no



; **************************************************************************

; * Service defaults may also be specified in individual service sections  *

; **************************************************************************



; Certificate/key is needed in server mode and optional in client mode

cert = stunnel.pem

;key = stunnel.pem



; Authentication stuff needs to be configured to prevent MITM attacks

; It is not enabled by default!

;verify = 2

; Don't forget to c_rehash CApath

;CApath = certs

; It's often easier to use CAfile

;CAfile = certs.pem

; Don't forget to c_rehash CRLpath

;CRLpath = crls

; Alternatively CRLfile can be used

;CRLfile = crls.pem



sslVersion = all



; Disable support for insecure SSLv2 protocol

options = NO_SSLv2

; Workaround for Eudora bug

;options = DONT_INSERT_EMPTY_FRAGMENTS



; These options provide additional security at some performance degradation

;options = SINGLE_ECDH_USE

;options = SINGLE_DH_USE



; **************************************************************************

; * Service definitions (at least one service has to be defined)           *

; **************************************************************************



; The default certificate

cert = stunnel.pem

; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1

; Set client mode client = yes

; GMail ssmtp settings

[ssmtp]

accept = 25

connect = 174.129.0.38:465



; GMail pop3s settings

[pop3s]

accept = 110

connect = 174.129.0.38:995

; GMail imaps settings

[imaps]

accept = 143

connect = 174.129.0.38:993



; Example SSL front-end to a web server



;[https]

;accept  = 443

;connect = 80

; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL

; Microsoft implementations do not use SSL close-notify alert and thus

; they are vulnerable to truncation attacks

;TIMEOUTclose = 0



; vim:ft=dosini
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130111/9add32f9/attachment.html>


More information about the stunnel-users mailing list