Hi Guys,

To me this looks like a cipher issue.

There are a few options that you can try to resolve this if it is.

I would try adding the following lines into your STunnel Configuration file:

delay = yes
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = CIPHER_SERVER_PREFERENCE
options = DONT_INSERT_EMPTY_FRAGMENTS

Delay will delay and DNS lookups that maybe actioned by the request (not normally needed but I always include if for sanity sake)

The three 'options' sections turn off all the known problematic cipher lists if you need a key that is in one of these block feel free to remove that directive but I think a good start would be to leave the 'NO_SSLv3' option in place

The 'CIPHER_SERVER_PREFERENCE' option will make set whether the client is allowed to renegotiat the ciphers that are to be used between the client and the server process.

And finally 'DONT_INSERT_EMPTY_FRAGMENTS' will mitigate an issue in the CBC ciphers that was in the SSLv3 and TLS1.0 cipher lists again I only include it for sanity sake now but its better to have than to go without.

--

With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org

Tel (UK) - +44 (0) 3303801064 (24x7)

Tel (US) - +1 888.867.9504 (Toll Free)(24x7)