[stunnel-users] [EXTERNAL] Re: Stunnel connection issue?

Daniel Trickett daniel.trickett at emdmillipore.com
Mon Jul 9 14:26:08 CEST 2018


Will,

I was told to ignore the SSLv3 stuff in the log. I have options set to allow only TLS1.2 and still see SSLv3 references in the log.

Best regards,

Dan

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Spies, Will
Sent: Monday, July 9, 2018 6:26 AM
To: Peter Pentchev <roam at ringlet.net>
Cc: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] [EXTERNAL] Re: Stunnel connection issue?

So, part of this appeared to be that I needed a signed cert from a CA. However, I still have problems.

Alexa apparently requires 'Interleaved TCP on port 443 (for both RTP and RTSP). TCP socket encryption on port 443 using TLS 1.2'

How do I force Stunnel to only adhere to the above? I get the 443 part of course. I am seeing it try SSLv3 in the log and I imagine this is wrong.


-----Original Message-----
From: Peter Pentchev [mailto:roam at ringlet.net]
Sent: Thursday, July 05, 2018 8:47 AM
To: Spies, Will <Will_Spies at cable.comcast.com>
Cc: stunnel-users at stunnel.org
Subject: Re: [EXTERNAL] Re: [stunnel-users] Stunnel connection issue?

On Thu, Jul 05, 2018 at 11:41:18AM +0000, Spies, Will wrote:
> Thanks for the quick response. The client is an Echo Show device and
> there is no log. It is an RTSP connection and my backend (behind
> Stunnel) is Live555ProxyServer.  I read somewhere there is some bug
> related to MSIE that closed the connection like this and the fix is to
> use TIMEOUTclose=0 which I did but this did not help. This is the
> earlier (startup) portion of my log:

Hi,

Unfortunately, without more information about what the client doesn't like about the established connection, I don't think there is anything more I can help you with :(  You *might* try playing with stunnel's cipher settings (OpenSSL options), on the off chance that the client is somewhat confused and offers for negotiation a cipher or something that it later realizes it cannot support... but that would be really weird.

G'luck,
Peter

--
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
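
An added example, not part of the thread or of stunnel itself: one way to check from a debug log what each connection actually negotiated, rather than reading the "SSLv3 ..." lines, which are OpenSSL handshake state names that also appear during TLS 1.2 handshakes. The log lines are constructed and their exact shape is an assumption modelled on stunnel debug output; adjust the two patterns to match your version.

```python
import re

# Constructed sample modelled on stunnel debug output; not taken from the thread.
SAMPLE_LOG = """\
2018.07.09 06:20:01 LOG7[0]: TLS state (accept): before/accept initialization
2018.07.09 06:20:01 LOG7[0]: TLS state (accept): SSLv3 read client hello A
2018.07.09 06:20:01 LOG7[0]: TLS state (accept): SSLv3 write server hello A
2018.07.09 06:20:01 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2018.07.09 06:21:14 LOG7[1]: TLS state (accept): SSLv3 read client hello A
2018.07.09 06:21:14 LOG6[1]: Negotiated TLSv1 ciphersuite AES256-SHA (256-bit encryption)
2018.07.09 06:22:30 LOG7[2]: TLS state (accept): SSLv3 read client hello A
"""

# Assumed line shapes: handshake state-machine trace vs. negotiated result.
STATE = re.compile(r"LOG\d\[(\d+)\]: (?:TLS|SSL) state \(\w+\): (.*)")
NEGOTIATED = re.compile(r"LOG\d\[(\d+)\]: Negotiated (\S+) ciphersuite (\S+)")


def _conn(conns, conn_id):
    return conns.setdefault(
        int(conn_id), {"protocol": None, "cipher": None, "sslv3_state_lines": 0}
    )


def audit(log_text, required="TLSv1.2"):
    """Return {connection id: details}, judged only on the negotiated protocol."""
    conns = {}
    for line in log_text.splitlines():
        m = STATE.search(line)
        if m:
            # State names are counted for information only; they never affect the verdict.
            if "SSLv3" in m.group(2):
                _conn(conns, m.group(1))["sslv3_state_lines"] += 1
            else:
                _conn(conns, m.group(1))
            continue
        m = NEGOTIATED.search(line)
        if m:
            c = _conn(conns, m.group(1))
            c["protocol"], c["cipher"] = m.group(2), m.group(3)
    for c in conns.values():
        if c["protocol"] is None:
            c["verdict"] = "handshake not completed"
        elif c["protocol"] == required:
            c["verdict"] = "ok"
        else:
            c["verdict"] = "wrong protocol"
    return conns


if __name__ == "__main__":
    for conn_id, info in sorted(audit(SAMPLE_LOG).items()):
        print(conn_id, info)
```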