verifyPeer should be no by default. I added it anyway and still have the same problem. I see all the defaults do not require any certificate verification. Any other ideas? I
Z
On Mon, Dec 4, 2017 at 11:59 AM, Josealf.rm josealf@rocketmail.com wrote:
Try adding verifyPeer=no
Stunnel does not trust the certificate presented by the server. Review the man page regarding certificate verification.
Regards, Jose Alfredo Diaz
On Dec 4, 2017, at 4:24 AM, Ziad Badawi ZiadR.B@gmail.com wrote:
Greetings,
I am trying to capture clear text pcaps from client (browser) - server (java appserver) traffic.
The java appserver is jboss using https. I'm running jboss and stunnel on the same machine.
# stunnel.conf
debug = 3
foreground = yes
[jboss]
client = yes
cert= stunnel.pem # generated using makecert.sh
accept = 1234
connect = 127.0.0.1:443

Version:
stunnel 5.44 on x86_64-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.2k-fips 26 Jan 2017
Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

Global options:
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:!DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
debug = daemon.notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
When I try to test it using firefox by browsing to https://localhost:1234, FF returns "Secure Connection Failed" and stunnel spits
2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
What am I missing / doing wrong? Regards
Z
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
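
An added example, not part of the original thread: a small decoder for the packed OpenSSL error code in the stunnel log line above, showing which library raised it and whether it encodes a TLS alert sent by the remote end or a failure detected locally. It assumes the 8/12/12-bit code layout of OpenSSL 1.0.x (the thread's build is 1.0.2k); the function name `decode` and the alert table are illustrative, and the second sample log line is constructed for contrast.

```python
import re

# OpenSSL 1.0.x packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# libssl reason codes >= 1000 mean "alert received": reason = 1000 + TLS alert number.
SSL_AD_REASON_OFFSET = 1000

# Subset of TLS alert descriptions (RFC 5246 section 7.2) relevant to certificate problems.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def decode(line):
    """Return a dict describing the OpenSSL error in a log line, or None if there is none."""
    m = ERROR_RE.search(line.strip())
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    result = {"lib": lib, "func": func, "reason": reason, "routine": m.group(3),
              "text": m.group(4), "origin": "local", "alert": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        result["origin"] = "peer"  # the remote end sent this alert to us
        result["alert"] = TLS_ALERTS.get(number, "alert %d" % number)
    return result


# The first line is the one quoted in the thread; the second is constructed for contrast.
SAMPLES = [
    "2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL routines:"
    "ssl3_read_bytes:sslv3 alert certificate unknown",
    "2017.12.01 20:35:11 LOG3[1]: SSL_connect: 14090086: error:14090086:SSL routines:"
    "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        d = decode(sample)
        print("lib=%d func=%d reason=%d origin=%s alert=%s" %
              (d["lib"], d["func"], d["reason"], d["origin"], d["alert"]))
```

For the line from the thread the decoder reports a `certificate_unknown` alert with origin `peer`; the constructed line decodes as a locally detected verification failure.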