Hello,
I'm trying to enable Forward Secrecy. have an stunnel 4.56 instance compiled with authpriv and xforwardedfor patches, configured as follows:
sslVersion = all
options = NO_SSLv2
ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
renegotiation = no
setuid = nobody
setgid = nobody
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
libwrap = no
TIMEOUTbusy = 120
xforwardedfor = yes
[domain.com]
accept = X.X.X.X:443
connect = 127.0.0.1:91
cert = /etc/pki/tls/certs/domain.pem
key = /etc/pki/tls/private/domain.key
domain.pem contains both the SSL certificate and the DH parameters (generated with "openssl dhparams 2048").
stunnel initializes the DH parameters correctly:
2014.04.14 12:08:18 LOG6[16629:140355580176320]: Initializing service [domain.com]
2014.04.14 12:08:18 LOG7[16629:140355580176320]: Certificate: /etc/pki/tls/certs/domain.pem
2014.04.14 12:08:18 LOG7[16629:140355580176320]: Certificate loaded
2014.04.14 12:08:18 LOG7[16629:140355580176320]: Key file: /etc/pki/tls/private/domain.key
2014.04.14 12:08:18 LOG7[16629:140355580176320]: Private key loaded
2014.04.14 12:08:18 LOG7[16629:140355580176320]: Using DH parameters from /etc/pki/tls/certs/domain.pem
2014.04.14 12:08:18 LOG7[16629:140355580176320]: DH initialized with 2048-bit key
2014.04.14 12:08:18 LOG7[16629:140355580176320]: SSL options set: 0x01000004
When I try to connect using openssl s_client, the connections fails with it unable to negotiate a cipher.
On the client side:
# openssl s_client -cipher ECDH -tls1 -connect www.domain.com:443
CONNECTED(00000003)
140735113126752:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40
140735113126752:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1397471905
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
On the server side:
2014.04.14 11:57:10 LOG5[9647:140038728394496]: Service [domain.com] accepted connection from X.X.X.X:56678
2014.04.14 11:57:10 LOG7[9647:140038728394496]: SSL state (accept): before/accept initialization
2014.04.14 11:57:10 LOG7[9647:140038728394496]: SNI: no virtual services defined
2014.04.14 11:57:10 LOG7[9647:140038728394496]: SSL alert (write): fatal: handshake failure
2014.04.14 11:57:10 LOG3[9647:140038728394496]: SSL_accept: 1408A0C1: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
2014.04.14 11:57:10 LOG5[9647:140038728394496]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
The client and the server have the same openssl version (1.0.1e), with the same supported ciphers.
I tried different cipher combinations (i.e. "HIGH:!aNULL:!MD5"), but no lock. FWIW, the initial DH cipher list in the stunnel config file works correctly in an SSL nginx instance and openssl s_client negotiates "ECDHE-RSA-AES256-SHA".
Any idea what may be wrong with stunnel?
Thanks,
Ovidiu