One more thing..

2012.02.14 13:13:32 LOG6[87260:136504]: Negotiated ciphers: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

RC4 128-bit is not something that is considered secure. I don't know why this was chosen, but probably this caused FIPS mode to reject the connection?

Best Regards,
Laszlo
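
An added example, not part of the original thread or of stunnel itself: a small parser for the "Negotiated ciphers" log line quoted above that flags fields outside the FIPS-approved set and anonymous suites. The deny-lists and the function names are assumptions made for illustration; the second and third sample lines are constructed.

```python
import re

# Format of the stunnel log line quoted in the thread.
LINE_RE = re.compile(
    r"Negotiated ciphers:\s+(?P<suite>\S+)\s+(?P<ver>\S+)\s+(?P<fields>.*)$")

# Assumed deny-lists for illustration: algorithms that are not FIPS-approved.
NON_FIPS_ENC = {"RC4", "RC2", "DES"}
NON_FIPS_MAC = {"MD5"}

def parse_negotiated(line):
    """Split a 'Negotiated ciphers' line into its key=value fields."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # 'ver' is the protocol version in which the suite was defined,
    # not necessarily the version negotiated on this connection.
    info = {"suite": m.group("suite"), "defined_in": m.group("ver")}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            info[key] = value
    # Enc=RC4(128) -> algorithm "RC4", key size 128
    enc = re.fullmatch(r"([^()]+)(?:\((\d+)\))?", info.get("Enc", ""))
    info["enc_alg"] = enc.group(1) if enc else ""
    info["enc_bits"] = int(enc.group(2)) if enc and enc.group(2) else 0
    return info

def audit(line):
    """Return a list of findings for one log line (empty list = nothing flagged)."""
    info = parse_negotiated(line)
    if info is None:
        return []
    findings = []
    if info["enc_alg"].upper() in NON_FIPS_ENC:
        findings.append(f"{info['suite']}: Enc={info['enc_alg']} is not FIPS-approved")
    if info.get("Mac", "").upper() in NON_FIPS_MAC:
        findings.append(f"{info['suite']}: Mac={info['Mac']} is not FIPS-approved")
    if info.get("Au", "").lower() == "none":
        findings.append(f"{info['suite']}: anonymous suite, no server certificate is sent")
    return findings

# First line is taken from the thread; the other two are constructed samples.
SAMPLES = [
    "2012.02.14 13:13:32 LOG6[87260:136504]: Negotiated ciphers: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1",
    "2012.02.14 13:20:01 LOG6[1:2]: Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1",
    "2012.02.14 13:21:07 LOG6[1:3]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample) or "nothing flagged")
```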


On Tue, Feb 14, 2012 at 13:29, Keresztfalvi Laszlo <lkereszt@gmail.com> wrote:
Jose,

Oh, yeah! This solved the problem!

Actually, fips = no alone was enough to let the certs meet.

Previously, I just didn't bother with the FIPS setting since I couldn't imagine that non-approved protocols would be used or any crypto/algo deviances would show up.. in such a simple case :) It was very frustrating that the OpenSSL test commands (s_server, s_client) worked.

You may leave this solution visible for Google or extend the documentation / FAQ to help others.. No relevant document showed up for the following search strings:

SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher
SSL3_READ_BYTES:sslv3 alert unexpected message

Thank you very very much!
Laszlo



On Tue, Feb 14, 2012 at 12:06, <josealf@rocketmail.com> wrote:
Laszlo,

Please add

 key=stunnel.pem
 fips=no

 to your config files.
Make sure stunnel.pem contains the certificate and private key for each computer. Try again and let us know the results.

Regards
Jose

-----Original Message-----
From: Keresztfalvi Laszlo <lkereszt@gmail.com>
Sender: stunnel-users-bounces@stunnel.org
Date: Tue, 14 Feb 2012 10:05:15
To: <stunnel-users@stunnel.org>
Subject: [stunnel-users] server does not send its cert?

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users