What did Red Hat change?
I would start there. See if any of their changes would affect your setup.
You can also check that both sides of the connection are using the same TLS version.
On Dec 18, 2014, at 08:27, H.U.Flück huf@inomatix.com wrote:
Hello
I realized that the latest RHEL6 updates including stunnel-4.29-3.el6_6.1 break our Stunnel connections!
We are forced to go back to previous version stunnel-4.29-3.el6_4 in order to have the systems running again, and blocking Stunnel updates in /etc/yum.conf for the moment.
Our typical client config and server configs are as follows:
Client (5.08):
client = yes
compression = zlib
sslversion = TLSv1
delay = yes
debug = 7
taskbar = yes
cert = my.pem
[abas_ssh]
accept = 127.0.30.10:5303
connect = firewall.client.dom:5303
Server, xinetd.d:
service stunnel_ssh
{
    disable = no
    socket_type = stream
    instances = UNLIMITED
    per_source = UNLIMITED
    wait = no
    user = root
    server = /usr/bin/stunnel
    server_args = /etc/stunnel/stunnel_ssh.conf
    log_on_success += HOST DURATION
    log_on_failure += HOST
}
Server, stunnel_ssh.conf:
cert = /support/stunnel/cert/server.pem
CApath = /support/stunnel/hash/
verify = 3
debug = 7
connect = 192.168.1.100:22
The error thrown is something like:
Dec 17 17:30:23 srvabas stunnel: LOG3[3385:140171595282368]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
What are we missing? Do we need to change the configuration?
Any help is highly appreciated.
Kind regards
H.U.Flueck
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
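The check suggested in the reply (do both sides use the same TLS version?) can be run against the two config files before touching packages. The following is an added example, not part of the thread or of stunnel itself: it compares the sslVersion setting on each side, using abridged copies of the configs quoted above as constructed input. The function names and the "(inetd)" label for a section-less config are assumptions made for the example.

```python
# Added example: compare the sslVersion setting of two stunnel configs.
# Sample input is constructed (abridged) from the configs quoted in the thread.
CLIENT_CONF = """\
client = yes
sslversion = TLSv1
cert = my.pem
[abas_ssh]
accept = 127.0.30.10:5303
connect = firewall.client.dom:5303
"""
SERVER_CONF = """\
cert = /support/stunnel/cert/server.pem
verify = 3
connect = 192.168.1.100:22
"""

def ssl_versions(conf_text):
    """Return {service: sslVersion or None}; None means the option is unset."""
    global_opts, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # a service section starts out with the global options seen so far
            current = services.setdefault(line[1:-1], dict(global_opts))
            continue
        key, sep, value = line.partition("=")
        if sep:                                   # option names compared case-insensitively
            target = global_opts if current is None else current
            target[key.strip().lower()] = value.strip()
    if not services:                              # no [section]: inetd-style config
        services["(inetd)"] = global_opts
    return {name: opts.get("sslversion") for name, opts in services.items()}

def compare(client_text, server_text):
    """List findings about the sslVersion setting on the two sides."""
    findings, pinned = [], set()
    for side, text in (("client", client_text), ("server", server_text)):
        for svc, ver in ssl_versions(text).items():
            if ver is None:
                findings.append(f"{side} {svc}: sslVersion unset, build default applies")
            else:
                pinned.add(ver.lower())
    if len(pinned) > 1:
        findings.append("pinned versions differ: " + ", ".join(sorted(pinned)))
    return findings

if __name__ == "__main__":
    print("\n".join(compare(CLIENT_CONF, SERVER_CONF)))
```

A side reported as unset negotiates whatever the installed stunnel build defaults to, so that is the side to re-check after a package update.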