Hi Marcel,

SSL/TLS expects a protocol version number in the initial Client Hello message. If something attempts to connect to a TLS-enabled service using a different protocol, the OpenSSL SSL_accept() function often returns the “wrong version number” error. It is difficult for OpenSSL or stunnel to determine whether the attempt is innocent or malicious. An interrogation of the people responsible for initiating the connection is probably in order.

Have you investigated your 172.20.23.1 machine? Could it be a port scanner or something else that connects to your stunnel every minute? If 172.20.23.1 is a SNAT rule on your router, invalid connection attempts from the Internet are quite common.

Best regards,
    Mike

On 1/20/25 3:01 PM, Marcel de Rooy via stunnel-users wrote:

Hi,

Taking this opportunity to ask a question on the mentioned warning.

In our stunnel setup (stunnel server in a Docker container on Linux, version 5.68 and Windows clients on version 5.73, no certificate verification) I am seeing every minute the following lines in stunnel.log on the server side:

 

2025.01.20 04:12:27 LOG5[0]: Service [siptest] accepted connection from 172.20.23.1:46658
2025.01.20 04:12:27 LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:354: error:0A00010B:SSL routines::wrong version number
2025.01.20 04:12:27 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

 

This is every minute, so 04:13:27 again, etc. The warning is there already shortly after container restart without active connections to our SIP devices.

I only see it recently. And changing the server/client config with sslVersionMin = TLSv1.2 and sslVersionMax = TLSv1.3 did not resolve it.

Since it comes back every minute, I was thinking in the direction of keepalive settings. But do keepalives need encryption? Probably not.

Is this just an innocent bug in the stunnel code or could I still do something in my configuration to clear the warning?

Thank you for your attention.

Marcel de Rooy

Rijksmuseum Netherlands
Rijksmuseum.nl


_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-leave@stunnel.org
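
An added example, not part of either message and not stunnel's own code: a Python sketch that pairs each "accepted connection" line with a following "wrong version number" error on the same log id and reports, per service and source address, the failure count and median spacing, so a once-a-minute non-TLS client like the one discussed above stands out. The sample lines are constructed from the format quoted in the thread; the function names and the second address are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: only the first three lines come from the thread; the rest are invented.
SAMPLE_LOG = """\
2025.01.20 04:12:27 LOG5[0]: Service [siptest] accepted connection from 172.20.23.1:46658
2025.01.20 04:12:27 LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:354: error:0A00010B:SSL routines::wrong version number
2025.01.20 04:12:27 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.01.20 04:13:27 LOG5[1]: Service [siptest] accepted connection from 172.20.23.1:46702
2025.01.20 04:13:27 LOG3[1]: SSL_accept: ../ssl/record/ssl3_record.c:354: error:0A00010B:SSL routines::wrong version number
2025.01.20 04:14:27 LOG5[2]: Service [siptest] accepted connection from 172.20.23.1:46750
2025.01.20 04:14:27 LOG3[2]: SSL_accept: ../ssl/record/ssl3_record.c:354: error:0A00010B:SSL routines::wrong version number
2025.01.20 04:14:40 LOG5[3]: Service [siptest] accepted connection from 172.20.23.9:50110
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\w+)\]: (.*)$")
ACCEPT = re.compile(r"Service \[(\S+)\] accepted connection from ([\d.]+):(\d+)")  # IPv4 only

def non_tls_peers(log_text):
    """Map (service, source IP) -> timestamps of 'wrong version number' handshake failures."""
    pending = {}                  # log id -> (service, ip) of the connection just accepted
    failures = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _level, conn_id, msg = m.groups()
        a = ACCEPT.search(msg)
        if a:
            pending[conn_id] = (a.group(1), a.group(2))
        elif "SSL_accept" in msg and "wrong version number" in msg and conn_id in pending:
            failures[pending.pop(conn_id)].append(datetime.strptime(ts, "%Y.%m.%d %H:%M:%S"))
    return failures

def summarize(failures):
    """Per peer: failure count and median gap in seconds (None with fewer than two failures)."""
    out = {}
    for key, times in failures.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[key] = (len(times), median(gaps) if gaps else None)
    return out

if __name__ == "__main__":
    for (service, ip), (count, gap) in summarize(non_tls_peers(SAMPLE_LOG)).items():
        print(f"{service} {ip}: {count} non-TLS connection(s), median gap {gap}s")
```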