Try adding verifyPeer=no 

Stunnel does not trust the certificate presented by the server. Review the man page regarding certificate verification.

Saludos
Jose Alfredo Diaz



On Dec 4, 2017, at 4:24 AM, Ziad Badawi <ZiadR.B@gmail.com> wrote:

Greetings,

I am trying to capture clear text pcaps from client (browser) - server (java appserver) traffic.

The java appserver is jboss using https. I'm running jboss and stunnel on the same machine.

# stunnel.conf
debug = 3
foreground = yes
[jboss]
client = yes
cert= stunnel.pem # generated using makecert.sh
accept = 1234
connect = 127.0.0.1:443

Version:
stunnel 5.44 on x86_64-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.2k-fips  26 Jan 2017
Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

Global options:
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes

Service-level options:
ciphers                = FIPS (with "fips = yes")
ciphers                = HIGH:!DH:!aNULL:!SSLv2 (with "fips = no")
curve                  = prime256v1
debug                  = daemon.notice
logId                  = sequential
options                = NO_SSLv2
options                = NO_SSLv3
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none

When I try to test it usng firefox by browsing to https://localhost:1234, FF returns "Secure Connection Failed" and stunnel spits

2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

What am I missing / doing wrong?
Regards

Z


_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users