Hi,

 

Taking this opportunity to ask a question on the mentioned warning.

 

In our stunnel setup (stunnel server in a Docker container on Linux, version 5.68 and windows clients on version 5.73, no certificate verification) I am seeing every minute the following lines in stunnel.log on the server side:

 

2025.01.20 04:12:27 LOG5[0]: Service [siptest] accepted connection from 172.20.23.1:46658

2025.01.20 04:12:27 LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:354: error:0A00010B:SSL routines::wrong version number

2025.01.20 04:12:27 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

 

This is every minute, so 04:13:27 again, etc. The warning is there already shortly after container restart without active connections to our SIP devices.

I only see it recently. And changing the server/client config with sslVersionMin = TLSv1.2 and sslVersionMax = TLSv1.3 did not resolve it.

 

Since it comes back every minute, I was thinking in the direction of keepalive settings. But do keep alives need encryption? Probably not.

 

Is this just an innocent bug in the stunnel code or could I still do something in my configuration to clear the warn?

 

Thank you for your attention.

 

Marcel de Rooy

Rijksmuseum Netherlands