-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Dec 18, 2014, at 08:27, H.U.Flück huf@inomatix.com wrote: The error thrown is something like: Dec 17 17:30:23 srvabas stunnel: LOG3[3385:140171595282368]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
What are we missing? Do we need to change the configuration?
I downloaded the source packages to identify the exact change they made. The only difference between the previous and the updated version is that the new one configures stunnel with:
configure --enable-fips --enable-ipv6 \ CPPFLAGS="-UPIDFILE -DPIDFILE='"%{_localstatedir}/run/stunnel.pid"'"
rather than:
configure --disable-fips --enable-ipv6 \ CPPFLAGS="-UPIDFILE -DPIDFILE='"%{_localstatedir}/run/stunnel.pid"'"
The update doesn't change anything in the source code of stunnel.
In stunnel 4.x FIPS mode is enabled by default. You may disable it with "fips = no". In order to get your configuration working without disabling FIPS mode you may also try "sslVersion = TLSv1".
Mike