[stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?

H.U.Fl├╝ck huf at inomatix.com
Thu Dec 18 15:27:48 CET 2014


I realized that the latest RHEL6 updates including stunnel-4.29-3.el6_6.1
break our Stunnel connections!

We are forced to go back to previous version stunnel-4.29-3.el6_4 in order
to have the systems running again, and blocking Stunnel updates in
/etc/yum.conf for the moment.

Our typical client config and server configs are as follows:

Client (5.08):
client = yes
compression = zlib
sslversion = TLSv1
delay = yes
debug = 7
taskbar = yes

cert = my.pem

accept =
connect = firewall.client.dom:5303

Server, xinetd.d:
service stunnel_ssh
        disable          = no
        socket_type      = stream
        instances        = UNLIMITED
        per_source       = UNLIMITED
        wait             = no
        user             = root
        server           = /usr/bin/stunnel
        server_args      = /etc/stunnel/stunnel_ssh.conf
        log_on_success  += HOST DURATION
        log_on_failure  += HOST

Server, stunnel_ssh.conf
cert = /support/stunnel/cert/server.pem
CApath = / support /stunnel/hash/
verify = 3
debug = 7
connect =

The error thrown is something like: 
Dec 17 17:30:23 srvabas stunnel: LOG3[3385:140171595282368]: SSL_accept:
140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

What are we missing? Do we need to change the configuration?

Any help is highly appreciated.

Kind regards

More information about the stunnel-users mailing list