Morning,

[ ] Loading certificate from file: /opt/clients/certificate_2020-04-23.pem
[!] SSL_CTX_use_certificate_chain_file: ssl/ssl_rsa.c:301: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
[!] Service [RailCompanion]: Failed to initialize TLS context
[!] Configuration failed

We encountered a production outage yesterday when upgrading to 5.57, as it seems that a new securityLevel config has been added, a side-effect of which looks to have been the rejection of certificates of less than 2048 bits by default. We still had a 1024 bit cert in use. Obviously we should've had monitoring to check that stunnel was actually running (we will next time!) but it seems to me like this is a change that deserved more attention in the log, which only identifies it as a new feature, with no mention of breaking changes.
Anyway, our problem is now solved, but if you encounter stunnel failing to start when you next upgrade then this might be a candidate to look at.
Ian
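
Added example, not part of the original message: a pre-upgrade check that flags certificate files whose RSA key is below the 2048-bit minimum described above. It assumes the `openssl` command-line tool is installed; the function names, the MIN_BITS variable and the embedded sample text are illustrative.

```shell
# Added example (not from the original message): report certificates whose RSA
# key is below MIN_BITS before an upgrade. Usage: sh check_certs.sh FILE.pem...
MIN_BITS="${MIN_BITS:-2048}"   # threshold taken from the message

# Constructed sample of `openssl x509 -noout -text` output, used when no files are given.
SAMPLE='            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)'

# Read `openssl x509 -noout -text` output on stdin, print "<algorithm> <bits>".
key_info() {
    awk '
        /Public Key Algorithm:/ && alg == "" { alg = $NF }
        /Public-Key: \(/ && bits == "" {
            s = $0; sub(/.*Public-Key: \(/, "", s); sub(/ bit.*/, "", s); bits = s
        }
        END { if (alg == "") alg = "unknown"; if (bits == "") bits = 0; print alg, bits }'
}

# classify ALGORITHM BITS [MIN]: print a verdict; non-zero status means "fix this".
classify() {
    case "$1" in
        rsaEncryption) ;;
        unknown) echo UNREADABLE; return 1 ;;
        *) echo SKIP; return 0 ;;   # non-RSA key sizes are not comparable to MIN_BITS
    esac
    if [ "$2" -lt "${3:-$MIN_BITS}" ]; then echo TOO_SMALL; return 1; fi
    echo OK
}

# Check the first certificate in a PEM file (the end-entity certificate of a chain file).
check_cert() {
    info=$(openssl x509 -in "$1" -noout -text 2>/dev/null | key_info)
    verdict=$(classify $info) && rc=0 || rc=1
    printf '%s\t%s\t%s\n' "$verdict" "$1" "$info"
    return "$rc"
}

check_all() {
    status=0
    for f in "$@"; do check_cert "$f" || status=1; done
    return "$status"
}

if [ "$#" -gt 0 ]; then
    check_all "$@"
else
    printf '%s\n' "$SAMPLE" | key_info   # prints: rsaEncryption 1024
fi
```

Run against every certificate file referenced by the stunnel configuration; a non-zero exit status means at least one file was TOO_SMALL or UNREADABLE.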