Hi,

 

I have set up Stunnel as SSL Wrapper for googlemail on a Redhat Enterprise Linux 7.2 installation.

The stunnel.conf:

output = /var/log/stunnel.log
cert = /etc/pki/tls/certs/2019stunnel.pem
client = yes
sslVersion = TLSv1
;fips=no

[ssmtp]
accept = 1925
connect = smtp.googlemail.com:587

lets me start stunnel well.

I have created the file 2019stunnel.pem following the instructions on Redhat:

make 2019stunnel.pem in the correct directory (certs)

Now I tried to telnet localhost 1925; I get a “connected”, but nothing more. telnet smtp.googlemail 587 runs very well, I get connected, so I assume it is not a firewall issue.

I checked the options sslVersion = TLSv1 and, alternatively, sslVersion = all, which led to different errors in stunnel.log:

Service [ssmtp] accepted connection from 127.0.0.1:49723
2019.01.04 14:45:01 LOG3[4500:140416608397056]: connect_blocking: connect 2a00:1450:400c:c0c::10:587: Network is unreachable (101)
2019.01.04 14:45:01 LOG5[4500:140416608397056]: connect_blocking: connected 74.125.140.16:587
2019.01.04 14:45:01 LOG5[4500:140416608397056]: Service [ssmtp] connected remote server from 192.168.178.57:44246
2019.01.04 14:45:01 LOG3[4500:140416608397056]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2019.01.04 14:45:01 LOG5[4500:140416608397056]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2019.01.04 14:54:24 LOG5[4500:140416608249920]: Terminated

or

Service [ssmtp] accepted connection from 192.168.178.57:57612
2019.01.04 14:54:36 LOG5[7437:139957105055488]: connect_blocking: connected 173.194.76.16:587
2019.01.04 14:54:36 LOG5[7437:139957105055488]: Service [ssmtp] connected remote server from 192.168.178.57:52192
2019.01.04 14:54:36 LOG3[7437:139957105055488]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2019.01.04 14:54:36 LOG5[7437:139957105055488]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

Now OpenSSL:

OpenSSL output:

openssl s_client -connect localhost:1925
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 289 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1546610402
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

What am I missing here; what is going wrong?

Best regards

Klaus Klöser
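
An added example, not part of the original post: the two SSL_connect errors in the log above ("unknown protocol", "wrong version number") are what a TLS client reports when the peer's first bytes are not a TLS record, which is the case on an SMTP submission port that greets in plaintext and expects STARTTLS before any handshake. The Python code below classifies a server's first bytes and shows how an SMTP greeting looks when read as a TLS record header; the function names and both sample byte strings are constructed for illustration.

```python
import struct

# Constructed sample inputs (not captured from the original post).
SMTP_GREETING = b"220 mx.example.test ESMTP ready\r\n"
TLS_SERVER_HELLO = bytes.fromhex("160303004a0200004603")  # start of a TLS 1.2 record

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_as_tls_record(data: bytes):
    """Interpret the first 5 bytes the way a TLS record layer would."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'smtp-plaintext' or 'unknown' for a server's first bytes."""
    rec = parse_as_tls_record(data)
    if rec and rec["type"] in TLS_CONTENT_TYPES and rec["version"][0] == 3 \
            and rec["version"][1] <= 4:
        return "tls"
    # SMTP replies: three digits, then space (final line) or '-' (continuation).
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-plaintext"
    return "unknown"


def explain(data: bytes) -> str:
    """Describe what a TLS client would make of these first bytes."""
    kind = classify_first_bytes(data)
    rec = parse_as_tls_record(data)
    if kind == "tls":
        return "TLS record %s, version %d.%d" % (
            TLS_CONTENT_TYPES[rec["type"]], *rec["version"])
    if kind == "smtp-plaintext":
        return ("plaintext SMTP reply %s; read as a TLS header it gives "
                "type=%d version=%d.%d, which a TLS client rejects"
                % (data[:3].decode(), rec["type"], *rec["version"]))
    return "neither TLS nor SMTP"


if __name__ == "__main__":
    for sample in (SMTP_GREETING, TLS_SERVER_HELLO):
        print(explain(sample))
```

When the first bytes are an SMTP greeting, the TLS handshake has to wait until STARTTLS has been negotiated in plaintext; in client mode, stunnel's `protocol = smtp` service option performs that negotiation before starting TLS.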