1. Compiled and installed stunnel on older OSX Mac. Tried connecting via IMAPS and POP3S using Apple OSX Mail and I get the errors shown in line 4. Process works when I change my .conf file to contain sslVersion = SSLv2. I'm a neophyte to SSL and I have no idea what is wrong or where to start or if this situation is OK. Any help is appreciated. Also, this needs to be backward compatible to OSX 10.3.9, which is why the compiling on Panther.

2. stunnel version 4.20

3. standalone via sudo from command line

4. error message

Mar 23 10:49:52 musky stunnel: LOG5[2941:25192960]: imaps accepted connection from 206.208.58.127:37295
Mar 23 10:49:52 musky stunnel: LOG3[2941:25192960]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mar 23 10:49:52 musky stunnel: LOG5[2941:25192960]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

5. $ /usr/local/sbin/stunnel -version

stunnel 4.20 on powerpc-apple-darwin7.9.0 with OpenSSL 0.9.7l 28 Sep 2006
Threading:PTHREAD SSL:ENGINE Sockets:SELECT,IPv4 Auth:LIBWRAP

Global options
debug = 5
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /usr/local/etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

6. $ uname -a

Darwin musky.oitc.com 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC Power Macintosh powerpc

7. Your libc version if you use Linux.

8. $ gcc -v

Reading specs from /usr/libexec/gcc/darwin/ppc/3.3/specs
Thread model: posix
gcc version 3.3 20030304 (Apple Computer, Inc. build 1666)

9. $ openssl version

OpenSSL 0.9.7l 28 Sep 2006

10. My conf

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /usr/local/etc/stunnel/secure_mail.pem
;key = /usr/local/etc/stunnel/secure_mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv2

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /usr/local/var/lib/stunnel/
;setuid = nobody
;setgid = nobody
;setgid = nogroup
; PID is created inside chroot jail
pid = /var/run/stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /usr/local/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 587

[sldap]
accept = 636
connect = 389

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini