Hello,
I'm trying to enable Forward Secrecy. have an stunnel 4.56 instance compiled with authpriv and xforwardedfor patches, configured as follows:
sslVersion = all options = NO_SSLv2 ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 renegotiation = no setuid = nobody setgid = nobody socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 libwrap = no TIMEOUTbusy = 120 xforwardedfor = yes
[domain.com] accept = X.X.X.X:443 connect = 127.0.0.1:91 cert = /etc/pki/tls/certs/domain.pem key = /etc/pki/tls/private/domain.key
domain.pem contains both the SSL certificate and the DH parameters (generated with "openssl dhparams 2048").
stunnel initializes the DH parameters correctly:
2014.04.14 12:08:18 LOG6[16629:140355580176320]: Initializing service [domain.com] 2014.04.14 12:08:18 LOG7[16629:140355580176320]: Certificate: /etc/pki/tls/certs/domain.pem 2014.04.14 12:08:18 LOG7[16629:140355580176320]: Certificate loaded 2014.04.14 12:08:18 LOG7[16629:140355580176320]: Key file: /etc/pki/tls/private/domain.key 2014.04.14 12:08:18 LOG7[16629:140355580176320]: Private key loaded 2014.04.14 12:08:18 LOG7[16629:140355580176320]: Using DH parameters from /etc/pki/tls/certs/domain.pem 2014.04.14 12:08:18 LOG7[16629:140355580176320]: DH initialized with 2048-bit key 2014.04.14 12:08:18 LOG7[16629:140355580176320]: SSL options set: 0x01000004
When I try to connect using openssl s_client, the connections fails with it unable to negotiate a cipher. On the client side:
# openssl s_client -cipher ECDH -tls1 -connect www.domain.com:443 CONNECTED(00000003) 140735113126752:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40 140735113126752:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1397471905 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
On the server side:
2014.04.14 11:57:10 LOG5[9647:140038728394496]: Service [domain.com] accepted connection from X.X.X.X:56678 2014.04.14 11:57:10 LOG7[9647:140038728394496]: SSL state (accept): before/accept initialization 2014.04.14 11:57:10 LOG7[9647:140038728394496]: SNI: no virtual services defined 2014.04.14 11:57:10 LOG7[9647:140038728394496]: SSL alert (write): fatal: handshake failure 2014.04.14 11:57:10 LOG3[9647:140038728394496]: SSL_accept: 1408A0C1: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher 2014.04.14 11:57:10 LOG5[9647:140038728394496]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
The client and the server have the same openssl version (1.0.1e), with the same supported ciphers.
I tried different cipher combinations (i.e. "HIGH:!aNULL:!MD5"), but no lock. FWIW, the initial DH cipher list in the stunnel config file works correctly in an SSL nginx instance and openssl s_client negotiates "ECDHE-RSA-AES256-SHA".
Any idea what may be wrong with stunnel?
Thanks, Ovidiu