The problem seems to be the key size.
If you use a 512 key for stunnel it works.
However, when the key used by stunnel is 1024 and you try to use
the EXP-RC4-MD5 cipher, a temporary 512 key is generated BUT that fails.
So I tested:
Stunnel 4.35 and OpenSSL 1.0.0d
Using a 512 RSA key and EXP-RC4-MD5 works
Using a 1025 RSA key and EXP-RC4-MD5 fails
Looks more like an OpenSSL thing. I'm uncertain about how this situation is handled in the protocol spec, when the server has a 1024 key but the client wants to negotiate with a smaller key.
Cheers
-----------------
Leandro Avila

----- Original Message -----
From: Outofwall.com root@outofwall.com
To: stunnel-users-bounces@stunnel.org; stunnel-users@stunnel.org
Cc:
Sent: Monday, April 11, 2011 10:39 PM
Subject: Re: [stunnel-users] Weird error when trying to use 512bit RSA key
In fact, I'm using TLSv1, just use the custom ciphers list. Here's what I have on the server side:
ciphers EXP-RC4-MD5:ALL
and test
sunyc@www:~$ openssl s_client -tls1 -connect ssl.sgivpn.info:443 -cipher EXP-RC4-MD5
CONNECTED(00000003)
depth=0 /C=US/ST=CA/O=XXX
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=CA/O=XXX
verify return:1
32684:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1093:SSL alert number 40
32684:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

Error:
Apr 11 18:57:35 localhost stunnel: LOG3[8319:139884220368640]: SSL_accept: 1409B11A: error:1409B11A:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:error generating tmp rsa key

Both client and server are running Ubuntu 10.04, with OpenSSL 0.9.8k I think.
Cheers.
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
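Added example, not part of the thread and not stunnel's or OpenSSL's own code: a small Python triage script that parses the OpenSSL error strings quoted above (the stunnel LOG3 line and the s_client output) and separates a local failure such as "error generating tmp rsa key" from a handshake alert sent by the peer. It assumes the OpenSSL 0.9.8/1.0.x packed error-code layout, ERR_PACK(lib, func, reason) = (lib << 24) | (func << 12) | reason, with ERR_LIB_SSL = 20 and SSL reason codes of 1000 and above meaning "received TLS alert number (reason - 1000)"; OpenSSL 3.x packs codes differently, so the numeric split would need adjusting there. The sample log text is constructed from the lines in the thread plus one benign stunnel line.

```python
import re

# Constructed sample: the server-side stunnel error from the thread, the
# client-side s_client error from the thread, and one benign stunnel line.
SAMPLE_LOG = """\
Apr 11 18:57:35 localhost stunnel: LOG3[8319:139884220368640]: SSL_accept: 1409B11A: error:1409B11A:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:error generating tmp rsa key
32684:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1093:SSL alert number 40
Apr 11 18:57:36 localhost stunnel: LOG5[8319:139884220368640]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
"""

# OpenSSL 1.0-era error string layout (assumption stated in the lead-in):
#   error:<8 hex digits>:<library>:<function>:<reason>[:<file>:<line>[:<extra>]]
ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)(?::([^:]*):(\d+)(?::(.*))?)?"
)
ALERT_RE = re.compile(r"SSL alert number (\d+)")

ERR_LIB_SSL = 20            # ERR_LIB_SSL in OpenSSL's err.h (1.0.x)
SSL_AD_REASON_OFFSET = 1000  # SSL reason >= 1000 encodes a received alert


def unpack_error_code(code: int) -> dict:
    """Split a packed 1.0-era code into library, function and reason numbers."""
    return {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
    }


def parse_openssl_error(line: str):
    """Return a dict describing the first OpenSSL error in the line, or None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code_hex, lib_name, func_name, reason_text, _file, _lineno, extra = m.groups()
    rec = unpack_error_code(int(code_hex, 16))
    rec.update(code=code_hex.upper(), lib_name=lib_name,
               func_name=func_name, reason_text=reason_text, alert=None)
    # Reason codes at or above the offset mean the *peer* sent a TLS alert.
    if rec["lib"] == ERR_LIB_SSL and rec["reason"] >= SSL_AD_REASON_OFFSET:
        rec["alert"] = rec["reason"] - SSL_AD_REASON_OFFSET
        # Cross-check against the textual "SSL alert number N" suffix if present.
        am = ALERT_RE.search(extra or "")
        if am and int(am.group(1)) != rec["alert"]:
            raise ValueError(f"alert number mismatch in: {line}")
    return rec


def classify(rec) -> str:
    """Label a parsed record for triage dashboards or alerting rules."""
    if rec is None:
        return "not-an-openssl-error"
    if rec["alert"] is not None:
        return f"peer-alert-{rec['alert']}"       # e.g. 40 = handshake_failure
    if "tmp rsa key" in rec["reason_text"]:
        return "tmp-rsa-keygen-failed"             # export-cipher path from the thread
    return "local-ssl-error"


def scan(log_text: str):
    """Classify every line of a stunnel/openssl log; returns (label, record) pairs."""
    return [(classify(rec), rec)
            for rec in (parse_openssl_error(l) for l in log_text.splitlines())]


if __name__ == "__main__":
    for label, rec in scan(SAMPLE_LOG):
        print(label, "" if rec is None else f"{rec['code']} {rec['func_name']}")
```

The "tmp-rsa-keygen-failed" label is the server-side symptom of what the thread describes: an export cipher suite forces OpenSSL to mint a throwaway 512-bit RSA key whenever the certificate key is larger than that, and the handshake aborts when that key cannot be produced. On the client the same event shows up only as "peer-alert-40", so correlating the two labels across the stunnel log and the client output identifies the cipher-list setting as the cause; the defensive fix is to remove the EXP suites from the ciphers line rather than shrink the server key.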