I just finished building and configuring stunnel 4.42 on my x86_64 CentOS6 box. It appears to run, but not long into the SSL connection stunnel dies. Log info below.
This only happens if I do NOT specify --disable-fips during ./configure (as it enables FIPS by default). I assume this is because FIPS compliancy requires a key to have a passphrase, which my key does not have?
[root@host stunnel]# tail -f /var/log/stunnel.log /var/log/messages
==> /var/log/stunnel.log <==
2011.08.19 16:27:36 LOG7[31681:139656510936832]: Option TCP_NODELAY set on local socket
2011.08.19 16:27:36 LOG5[31681:139656510936832]: Service ntop accepted connection from 12.117.176.190:13258
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): before/accept initialization
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 read client hello A
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 write server hello A
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 write certificate A
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 write key exchange A
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 write server done A
2011.08.19 16:27:36 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 flush data
2011.08.19 16:27:37 LOG7[31681:139656510936832]: SSL state (accept): SSLv3 read client key exchange A

==> /var/log/messages <==
Aug 19 16:27:24 host stunnel: LOG5[31680:139656510941120]: FIPS mode enabled
Aug 19 16:27:24 host stunnel: LOG6[31680:139656510941120]: Initializing SSL context for service ntop
Aug 19 16:27:24 host stunnel: LOG4[31680:139656510941120]: Insecure file permissions on /usr/local/etc/stunnel/stunnel.pem
Aug 19 16:27:24 host stunnel: LOG6[31680:139656510941120]: SSL context initialized
Aug 19 16:27:24 host stunnel: LOG5[31680:139656510941120]: Configuration successful
Aug 19 16:27:36 host stunnel: LOG5[31681:139656510936832]: Service ntop accepted connection from 12.117.176.190:13257
Aug 19 16:27:36 host stunnel: LOG3[31681:139656510936832]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Aug 19 16:27:36 host stunnel: LOG5[31681:139656510936832]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Aug 19 16:27:36 host stunnel: LOG5[31681:139656510936832]: Service ntop accepted connection from 12.117.176.190:13258
Aug 19 16:27:37 host kernel: stunnel[31724] trap divide error ip:7f044fd0d3d1 sp:7f0450b98a40 error:0 in libssl.so.1.0.0[7f044fce2000+53000]