A possible solution to the question below that I asked was to create a 64B/512b PSK and share that with the server -- then the next issue surfaced when trying to connect: TLS - Close Notify (I believe from the server's side).
Also I changed to:
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.2
And if it was not before:
client = yes
On Fri, May 12, 2023 at 8:32 AM trashrap22@gmail.com wrote:
I get the following error running 'sudo service stunnel4 status' :
LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Is that merely a mismatch between OpenSSL versions used by client and server?
I have tried changing the config file options, also with no specification since the default according to stunnel.org is:
options = NO_SSLv2
options = NO_SSLv3
I have tried (service level option): sslVersion = TLSv1
Same error. When running sudo service stunnel4 status after start:
May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
May 12 08:22:45 user-Linux stunnel4[16616]: Starting TLS tunnels: /etc/stunnel/stunnel.conf: started
May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
May 12 08:22:45 user-Linux systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).
May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: UTF-8 byte order mark not detected
May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: FIPS mode disabled
May 12 08:22:45 user-Linux stunnel[16630]: LOG4[ui]: Insecure file permissions on /var/lib/stunnel4/psk.txt
May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Configuration successful
May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Switched to chroot directory: /var/lib/stunnel4/
May 12 08:22:45 user-Linux stunnel[16632]: LOG5[cron]: Updating DH parameters
After trying to make a connection via FIX connection:
May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service [**redacted**] started
May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Setting local socket options (FD=3)
May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Option TCP_NODELAY set on local socket
May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Service [**redacted**] accepted connection from 127.0.0.1:51954
May 12 08:28:04 user-Linux stunnel[16798]: LOG6[0]: Peer certificate not required
May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: TLS state (accept): before SSL initialization
May 12 08:28:04 user-Linux stunnel[16798]: LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Local descriptor (FD=3) closed
May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service [**redacted**] finished (0 left)
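An added example, not part of the thread and not stunnel or OpenSSL code: the "wrong version number" error is raised while reading the first record header, before any protocol version is negotiated, when the bytes that arrive do not carry TLS major version 3. The Python sketch below applies a simplified form of that test to two constructed byte strings, a plaintext FIX logon and a ClientHello record header; the function name and samples are assumptions made for illustration.

```python
import struct

# TLS record content types (RFC 5246 section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
RECORD_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0",
                   0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a TLS acceptor reads on a new connection."""
    if len(data) < 5:
        return {"verdict": "short", "detail": "no complete 5-byte record header"}
    # Record header: content type (1 byte), version (2 bytes), length (2 bytes).
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if version >> 8 != 3:
        # Simplified form of the test behind "wrong version number":
        # the major version byte of the first record is not 3.
        shown = data[:12].decode("ascii", "replace")
        return {"verdict": "not_tls",
                "detail": f"version bytes 0x{version:04x}, data starts {shown!r}"}
    if ctype not in CONTENT_TYPES:
        return {"verdict": "not_tls", "detail": f"unknown content type {ctype}"}
    return {"verdict": "tls", "content_type": CONTENT_TYPES[ctype],
            "record_version": RECORD_VERSIONS.get(version, hex(version)),
            "length": length}


# Constructed sample: start of a plaintext FIX logon (SOH field separators).
FIX_LOGON = b"8=FIX.4.4\x019=70\x0135=A\x01"
# Constructed sample: record header plus first bytes of a ClientHello.
# The record-layer version is often 0x0301 even when TLSv1.2 is offered.
CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303")

if __name__ == "__main__":
    for name, sample in (("FIX logon", FIX_LOGON), ("ClientHello", CLIENT_HELLO)):
        print(name, classify_first_bytes(sample))
```

A capture of the first bytes arriving on the accepting port, fed to `classify_first_bytes`, shows whether the peer is speaking TLS at all.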