[stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?

Leandro Avila leandro.avila at ymail.com
Fri Dec 19 01:31:23 CET 2014


What did Redhat changed?

I would start there. See if any of their changes would affect your setup.

You can also check that both sides of the connection are using the same TLS version 

Powered by iOS

> On Dec 18, 2014, at 08:27, H.U.Fl├╝ck <huf at inomatix.com> wrote:
> 
> Hello 
> 
> I realized that the latest RHEL6 updates including stunnel-4.29-3.el6_6.1
> break our Stunnel connections!
> 
> We are forced to go back to previous version stunnel-4.29-3.el6_4 in order
> to have the systems running again, and blocking Stunnel updates in
> /etc/yum.conf for the moment.
> 
> Our typical client config and server configs are as follows:
> 
> Client (5.08):
> **********
> client = yes
> compression = zlib
> sslversion = TLSv1
> delay = yes
> debug = 7
> taskbar = yes
> 
> cert = my.pem
> 
> [abas_ssh]
> accept = 127.0.30.10:5303
> connect = firewall.client.dom:5303
> 
> Server, xinetd.d:
> *************
> service stunnel_ssh
> {
>        disable          = no
>        socket_type      = stream
>        instances        = UNLIMITED
>        per_source       = UNLIMITED
>        wait             = no
>        user             = root
>        server           = /usr/bin/stunnel
>        server_args      = /etc/stunnel/stunnel_ssh.conf
>        log_on_success  += HOST DURATION
>        log_on_failure  += HOST
> }
> 
> Server, stunnel_ssh.conf
> ****************
> cert = /support/stunnel/cert/server.pem
> CApath = / support /stunnel/hash/
> verify = 3
> debug = 7
> connect = 192.168.1.100:22
> 
> The error thrown is something like: 
> Dec 17 17:30:23 srvabas stunnel: LOG3[3385:140171595282368]: SSL_accept:
> 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> protocol
> 
> What are we missing? Do we need to change the configuration?
> 
> Any help is highly appreciated.
> 
> Kind regards
> H.U.Flueck
> 
> 
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users


More information about the stunnel-users mailing list