Try adding verifyPeer=no 

Stunnel does not trust the certificate presented by the server. Review the man page regarding certificate verification.

Saludos

Jose Alfredo Diaz

On Dec 4, 2017, at 4:24 AM, Ziad Badawi <ZiadR.B@gmail.com> wrote:

Greetings,

I am trying to capture clear text pcaps from client (browser) - server (java appserver) traffic.

The java appserver is jboss using https. I'm running jboss and stunnel on the same machine.

# stunnel.conf

debug = 3

foreground = yes

[jboss]

client = yes

cert= stunnel.pem # generated using makecert.sh

accept = 1234

connect = 127.0.0.1:443

Version:

stunnel 5.44 on x86_64-pc-linux-gnu platform

Compiled/running with OpenSSL 1.0.2k-fips  26 Jan 2017

Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

Global options:

RNDbytes               = 64

RNDfile                = /dev/urandom

RNDoverwrite           = yes

Service-level options:

ciphers                = FIPS (with "fips = yes")

ciphers                = HIGH:!DH:!aNULL:!SSLv2 (with "fips = no")

curve                  = prime256v1

debug                  = daemon.notice

logId                  = sequential

options                = NO_SSLv2

options                = NO_SSLv3

sessionCacheSize       = 1000

sessionCacheTimeout    = 300 seconds

stack                  = 65536 bytes

TIMEOUTbusy            = 300 seconds

TIMEOUTclose           = 60 seconds

TIMEOUTconnect         = 10 seconds

TIMEOUTidle            = 43200 seconds

verify                 = none

When I try to test it usng firefox by browsing to https://localhost:1234, FF returns "Secure Connection Failed" and stunnel spits

2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

What am I missing / doing wrong?

Regards

Z

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users