<div>Hi Jose,</div><div> </div><div>Thank you for your reply. I double-checked and there actually is an SSL handshake. Sorry, it was my mistake; I did not analyze the Wireshark capture carefully.</div><div> </div><div>But the handshake failed, and here is the stunnel log:</div>
<div> </div><div>2012.01.25 09:39:58 LOG5[1944:6264]: stunnel 4.52 on x86-pc-mingw32-gnu platform<br>2012.01.25 09:39:58 LOG5[1944:6264]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012<br>2012.01.25 09:39:58 LOG5[1944:6264]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6<br>
2012.01.25 09:39:58 LOG5[1944:6264]: Reading configuration from file stunnel.conf<br>2012.01.25 09:39:58 LOG5[1944:6264]: FIPS mode is enabled<br>2012.01.25 09:39:58 LOG5[1944:6264]: Configuration successful<br>2012.01.25 09:40:13 LOG5[1944:4724]: Service Router accepted connection from 192.168.1.161:59519<br>
2012.01.25 09:40:13 LOG5[1944:4724]: connect_blocking: connected 192.168.160.168:55443<br>2012.01.25 09:40:13 LOG5[1944:4724]: Service Router connected remote server from 192.168.1.121:52250<br>
2012.01.25 09:40:13 LOG3[1944:4724]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number<br>2012.01.25 09:40:13 LOG5[1944:4724]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket<br>
</div><div><div>Server is set up for SSL3.0. </div><div> </div></div><div>Best regards,</div><div>Denis<br><br></div><div class="gmail_quote">2012/1/24 Jose Alf. <span dir="ltr">&lt;<a href="mailto:josealf@rocketmail.com">josealf@rocketmail.com</a>&gt;</span><br>
<blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"><div><div style="font-family:bookman old style,new york,times,serif;font-size:12pt">
<div><span>Denis,</span></div><div><span><br></span></div><div><span>Looks like your configuration is incomplete. Check the sample stunnel.conf file in the stunnel distribution. Read the man page. Post your log file.<br>
</span></div><div><br><span></span></div><div><span>Try adding lines like these before [Router]</span></div><div><br><span></span></div><div><span>sslVersion = SSLv3<br><br>cert=stunnel.pem<br>key=stunnel.pem<br><br># Authentication stuff, try 0 for test<br>
verify = 0<br><br>CApath = /your/CAcerts/path<br><br>debug = 7<br>output = stunnel.log<br><br><br></span></div><div><br></div> <div style="font-family:bookman old style,new york,times,serif;font-size:12pt"> <div style="font-family:times new roman,new york,times,serif;font-size:12pt">
<div dir="ltr"> <font face="Arial"> <hr size="1">
<b><span style="font-weight:bold">From:</span></b> Denis Berezhnoy &lt;<a href="mailto:denis.berezhnoy@gmail.com" target="_blank">denis.berezhnoy@gmail.com</a>&gt;<br> <b><span style="font-weight:bold">To:</span></b> <a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a> <br>
<b><span style="font-weight:bold">Sent:</span></b> Tuesday, January 24, 2012 6:10 PM<br> <b><span style="font-weight:bold">Subject:</span></b> [stunnel-users] No SSL handshake between stunnel in client mode and SSL server<br>
</font> </div><div><div class="h5"> <br>
<div><div>Hi guys, </div><div>I have a quick question. I am trying to use stunnel in client mode to encrypt traffic going to my server.</div><div>Basically, I have a server which listens for an SSL connection. And I have a client which cannot do SSL but it needs to communicate with the server over SSL. </div>
<div>I set up stunnel in client mode to accept unencrypted traffic from the client and redirect it to the server over SSL. I checked the TCP traffic with Wireshark between stunnel and my server and I can see that there is no SSL handshake: stunnel makes a TCP connection with the server and sends some TCP packets, but I expect to see an SSL handshake.</div>
<div>My stunnel conf file is here:</div><div>[Router]<br>client=yes<br>accept = 192.168.1.121:55555<br>connect = 192.168.160.168:55443</div>
<div>Can you please comment on this?</div>
<div>Best regards,</div><div>Denis</div>
</div><br></div></div>
<br><br> </div> </div> </div></div></blockquote></div><br>
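<div>Added example (not part of the original thread, and not stunnel or OpenSSL code): OpenSSL reports <code>wrong version number</code> from <code>SSL3_GET_RECORD</code> when the 5-byte record header it reads does not carry the protocol version it expects. The function below classifies the first bytes of a server reply, for instance copied out of the Wireshark capture, against the SSL 3.0 record layout; the name <code>classify_reply</code> and all sample byte strings are constructed for illustration.</div>

```python
import struct

# Record content types and versions used by SSL 3.0 / TLS 1.x record headers.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_reply(data, expected=(3, 0)):
    """Return (verdict, detail) for the first bytes received from the server.

    `expected` is the (major, minor) version the client was configured for;
    (3, 0) matches `sslVersion = SSLv3` from the thread.
    """
    if len(data) < 5:
        return ("too_short", "need the 5-byte record header")
    # Header layout: content type (1), major (1), minor (1), length (2, big-endian)
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        # Not a record header at all: the peer is not speaking SSL/TLS here.
        head = data[:16]
        printable = all(32 <= b < 127 or b in (9, 10, 13) for b in head)
        kind = "plaintext" if printable else "binary"
        return ("not_ssl_record", "%s data: %r" % (kind, head))
    name = VERSIONS.get((major, minor), "3.%d" % minor)
    if ctype == 21 and len(data) >= 7:
        # Alert body is two bytes: level (1 warning, 2 fatal) and description.
        return ("alert", "%s alert level=%d description=%d"
                % (name, data[5], data[6]))
    if (major, minor) != expected:
        return ("version_mismatch", "%s %s record, expected %s"
                % (name, CONTENT_TYPES[ctype], VERSIONS[expected]))
    return ("ok", "%s %s record, %d bytes" % (name, CONTENT_TYPES[ctype], length))


if __name__ == "__main__":
    # Constructed sample replies, not bytes taken from the capture in the thread.
    samples = {
        "SSLv3 ServerHello": bytes.fromhex("160300004a02000046"),
        "TLSv1.0 ServerHello": bytes.fromhex("160301004a02000046"),
        "fatal alert": bytes.fromhex("15030000020228"),
        "cleartext banner": b"HELLO ROUTER v1\r\n",
    }
    for label, raw in samples.items():
        print(label, "->", classify_reply(raw))
```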