Ian Pilcher wrote:

... and the (non-working) server-side stunnel configuration:

cert = /etc/stunnel/rsyncs_cert.pem key = /etc/stunnel/private/rsyncs_key.pem client = no pid = /var/run/stunnel.pid RNDfile = /var/run/stunnel/random_seed foreground = yes debug = debug output = /var/run/stunnel/stunnel.log

exec = /usr/bin/rsync execargs = rsync --daemon

Amazing how sending off the question gets the old brain cells working (or maybe it was the second cup of coffee). The problem was "foreground = yes". Since xinet.d redirects stderr back over the network connection, the stunnel startup messages were going back to the client. For some reason, the client didn't think that was a proper SSL handshake. ;-) -- ======================================================================== Ian Pilcher arequipeno@gmail.com ========================================================================