Jose,<br><br>Oh, yeah! This solved the problem!<br><br>Actually, <b>fips = no</b> alone was enough to let the certs meet.<br><br>Previously, I just didn't bothered the FIPS setting since I couldn't imagine that non-approved protocols would be used or any crypto/algo deviances would show up.. in such a simple case :) It was very frustrating that the OpenSSL test commands (s_server, s_client) worked.<br>
<br>You may leave this solution visible for Google or extend the documentation / FAQ to help others.. No relevant document showed up for the next search strings:<br>SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher<br>
SSL3_READ_BYTES:sslv3 alert unexpected message<br><br>Thank you very very much!<br>Laszlo<br><br><br><div class="gmail_quote">On Tue, Feb 14, 2012 at 12:06, <span dir="ltr"><<a href="mailto:josealf@rocketmail.com">josealf@rocketmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Laszlo,<br>
<br>
Please add<br>
<br>
key=stunnel.pem<br>
fips=no<br>
<br>
to your config files.<br>
Make sure stunnel.pem contains the certifcate and private key for each computer. Try again and let us know the results.<br>
<br>
Regards<br>
Jose<br>
<br>
-----Original Message-----<br>
From: Keresztfalvi Laszlo <<a href="mailto:lkereszt@gmail.com">lkereszt@gmail.com</a>><br>
Sender: <a href="mailto:stunnel-users-bounces@stunnel.org">stunnel-users-bounces@stunnel.org</a><br>
Date: Tue, 14 Feb 2012 10:05:15<br>
To: <<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>><br>
Subject: [stunnel-users] server does not send its cert?<br>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="http://stunnel.mirt.net/mailman/listinfo/stunnel-users" target="_blank">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</a><br>
<br>
<br>
<br>
</blockquote></div><br><div style id="avg_ls_inline_popup"></div>