[stunnel-users] routines:ssl3_read_bytes:sslv3 alert certificate unknown

Ziad Badawi ZiadR.B at gmail.com
Mon Dec 4 13:35:31 CET 2017


verifyPeer should be no by default. I added it anyway and still have the
same problem. I see all the defaults do not require any certificate
verification.
Any other ideas? I

Z

On Mon, Dec 4, 2017 at 11:59 AM, Josealf.rm <josealf at rocketmail.com> wrote:

> Try adding verifyPeer=no
>
> Stunnel does not trust the certificate presented by the server. Review the
> man page regarding certificate verification.
>
> Saludos
> Jose Alfredo Diaz
>
>
>
> On Dec 4, 2017, at 4:24 AM, Ziad Badawi <ZiadR.B at gmail.com> wrote:
>
> Greetings,
>
> I am trying to capture clear text pcaps from client (browser) - server
> (java appserver) traffic.
>
> The java appserver is jboss using https. I'm running jboss and stunnel on
> the same machine.
>
> # stunnel.conf
> debug = 3
> foreground = yes
> [jboss]
> client = yes
> cert= stunnel.pem # generated using makecert.sh
> accept = 1234
> connect = 127.0.0.1:443
>
> Version:
> stunnel 5.44 on x86_64-pc-linux-gnu platform
> Compiled/running with OpenSSL 1.0.2k-fips  26 Jan 2017
> Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
>
> Global options:
> RNDbytes               = 64
> RNDfile                = /dev/urandom
> RNDoverwrite           = yes
>
> Service-level options:
> ciphers                = FIPS (with "fips = yes")
> ciphers                = HIGH:!DH:!aNULL:!SSLv2 (with "fips = no")
> curve                  = prime256v1
> debug                  = daemon.notice
> logId                  = sequential
> options                = NO_SSLv2
> options                = NO_SSLv3
> sessionCacheSize       = 1000
> sessionCacheTimeout    = 300 seconds
> stack                  = 65536 bytes
> TIMEOUTbusy            = 300 seconds
> TIMEOUTclose           = 60 seconds
> TIMEOUTconnect         = 10 seconds
> TIMEOUTidle            = 43200 seconds
> verify                 = none
>
> When I try to test it using firefox by browsing to https://localhost:1234,
> FF returns "Secure Connection Failed" and stunnel spits
>
> 2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL
> routines:ssl3_read_bytes:sslv3 alert certificate unknown
>
> What am I missing / doing wrong?
> Regards
>
> Z

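Added example, not part of the original thread or of stunnel: a small decoder for the packed OpenSSL error code in the log line quoted above, showing how to tell an alert received from the peer apart from a local failure. It assumes the OpenSSL 1.0.x/1.1.x error layout (the post reports OpenSSL 1.0.2k); the function names and the alert table subset are illustrative.

```python
import re

# OpenSSL 1.0.x/1.1.x ERR_PACK layout: 8-bit library, 12-bit function, 12-bit reason.
ERR_LIB_SSL = 0x14
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are 1000 + a fatal alert received from the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
}

# Matches stunnel lines such as "LOG3[0]: SSL_connect: 14094416: error:..."
LOG_RE = re.compile(r"LOG\d\[[^\]]*\]: (SSL_\w+): ([0-9A-Fa-f]{8}): error:")

# The log line from the post, with its e-mail line wrap rejoined.
SAMPLE = ("2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL "
          "routines:ssl3_read_bytes:sslv3 alert certificate unknown")


def decode_error(code_hex):
    """Split a packed error code and say whether it records an alert sent by the peer."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    from_peer = lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET
    alert = None
    if from_peer:
        number = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(number, "alert_%d" % number)
    return {"lib": lib, "func": func, "reason": reason, "from_peer": from_peer, "alert": alert}


def explain_log_line(line):
    """Return the decoded fields for a stunnel TLS error line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    info = decode_error(m.group(2))
    info["call"] = m.group(1)  # SSL_connect: stunnel was the TLS client on this connection
    return info


if __name__ == "__main__":
    print(explain_log_line(SAMPLE))
    # Contrast: 14090086 is the OpenSSL 1.0.x code for a local "certificate verify failed".
    print(decode_error("14090086"))
```

For the line in the post, the reason field is 1046 (1000 + alert 46, certificate_unknown) raised during SSL_connect, so the alert was received from the server stunnel connected to. A rejection by stunnel's own verification would instead carry a local reason below 1000, such as 14090086.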