Jose,
Oh, yeah! This solved the problem!
Actually, *fips = no* alone was enough to let the certs meet.
Previously, I just didn't bother with the FIPS setting since I couldn't imagine that non-approved protocols would be used or any crypto/algo deviances would show up... in such a simple case :) It was very frustrating that the OpenSSL test commands (s_server, s_client) worked.
You may leave this solution visible for Google or extend the documentation / FAQ to help others... No relevant document showed up for the next search strings:
SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher
SSL3_READ_BYTES:sslv3 alert unexpected message
Thank you very very much!
Laszlo
On Tue, Feb 14, 2012 at 12:06, josealf@rocketmail.com wrote:
Laszlo,
Please add
key=stunnel.pem
fips=no
to your config files. Make sure stunnel.pem contains the certificate and private key for each computer. Try again and let us know the results.
Regards,
Jose
-----Original Message-----
From: Keresztfalvi Laszlo lkereszt@gmail.com
Sender: stunnel-users-bounces@stunnel.org
Date: Tue, 14 Feb 2012 10:05:15
To: stunnel-users@stunnel.org
Subject: [stunnel-users] server does not send its cert?