Hi,
I have successfully compiled version 4.41 with the xforwarded-for patch for our webmail system (Stunnel <-> Haproxy <-> Horde Webmail). After a while the stunnel daemon dies and the following message appears in the log:
Aug 8 12:05:06 vlb2 [local3.err] stunnel: LOG3[3231:3085343632]: SSL_accept: 140760FC: error:140760FC:SSL routines: SSL23_GET_CLIENT_HELLO:unknown protocol
Any ideas/suggestions?
OS: CentOS 5.5
openssl: 0.9.8e-12.el5_5.7
Configuration:
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
; Disable SSLv2
options = NO_SSLv2
; List of allowed Ciphers
ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
; Disable FIPS
fips = no
; Some security enhancements for UNIX systems - comment them out on Win32
setuid = nobody
setgid = nobody
chroot = /usr/local/var/lib/stunnel/
; PID is created inside chroot jail
pid = /stunnel-webmail.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Option for Dummy MSIE
TIMEOUTclose=0
; Option for erroneous SSL implementation
options = DONT_INSERT_EMPTY_FRAGMENTS
; Some debugging stuff useful for troubleshooting
debug = local3.4
; Run as Daemon
foreground = no
; Service-level configuration

[https]
cert = z1.pem
accept = ip1:443
connect = p1
xforwardedfor = yes

[https]
cert = z2.pem
accept = ip2:443
connect = p2
xforwardedfor = yes

[wmt]
cert = z3.pem
accept = ip3:443
connect = p3
xforwardedfor = yes

regards
René Plattner