Line 51: "[pop3s]": Failed to initialize SSL
Beginning with Stunnel version 4.55 and continuing with 4.56 I can configure, make and make install without issue. But as soon as I try to start stunnel with the following command: /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf I get the folllowing error message: Clients allowed=500 stunnel 4.56 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1 14 Mar 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file /usr/local/etc/stunnel/stunnel.conf FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported Line 51: "[pop3s]": Failed to initialize SSL str_stats: 9 block(s), 163 data byte(s), 522 control byte(s) Any insight into this issue would be greatly appreciated. -- Laura J. Fried
Added fips = no to the stunnel conf. Stephen Griffin Sr. System Admin Achievers +1 647 268 6832 Sent from my iPhone On Jul 14, 2013, at 5:22 PM, "Laura Fried" <laura@fried.us> wrote:
Beginning with Stunnel version 4.55 and continuing with 4.56 I can configure, make and make install without issue.
But as soon as I try to start stunnel with the following command: /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
I get the folllowing error message: Clients allowed=500 stunnel 4.56 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1 14 Mar 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file /usr/local/etc/stunnel/stunnel.conf FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported Line 51: "[pop3s]": Failed to initialize SSL str_stats: 9 block(s), 163 data byte(s), 522 control byte(s)
Any insight into this issue would be greatly appreciated.
-- Laura J. Fried
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Confidentiality: The information contained in this e-mail and any attachments are confidential. If you are not the intended recipient, you may not copy or distribute this information. If you have received this communication in error, please notify the sender immediately and delete it from your system.
Thanks Stephen. Gave that a try and it didn't work. Here is the error message Clients allowed=500 stunnel 4.56 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1 14 Mar 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file /usr/local/etc/stunnel/stunnel.conf FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported Line 51: "[pop3s]": Failed to initialize SSL str_stats: 9 block(s), 163 data byte(s), 522 control byte(s) Any other suggestions would be greatly appreciated. BTW, this is running on a Ubuntu server with SSL obtained though an apt-get. Laura J. Fried On 7/14/13 5:32 PM, Stephen Griffin wrote:
Added fips = no to the stunnel conf.
Stephen Griffin Sr. System Admin Achievers +1 647 268 6832
Sent from my iPhone
On Jul 14, 2013, at 5:22 PM, "Laura Fried" <laura@fried.us> wrote:
Beginning with Stunnel version 4.55 and continuing with 4.56 I can configure, make and make install without issue.
But as soon as I try to start stunnel with the following command: /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
I get the folllowing error message: Clients allowed=500 stunnel 4.56 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1 14 Mar 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file /usr/local/etc/stunnel/stunnel.conf FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported Line 51: "[pop3s]": Failed to initialize SSL str_stats: 9 block(s), 163 data byte(s), 522 control byte(s)
Any insight into this issue would be greatly appreciated.
-- Laura J. Fried
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Confidentiality: The information contained in this e-mail and any attachments are confidential. If you are not the intended recipient, you may not copy or distribute this information. If you have received this communication in error, please notify the sender immediately and delete it from your system.
FYI the /usr/local/etc/stunnel/stunnel.conf has the following set: cert = /usr/local/etc/stunnel/mail.pem sslVersion = SSLv3 chroot = /usr/local/var/lib/stunnel/ setuid = nobody setgid = nogroup pid = /stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = stunnel.log [pop3s] accept = 995 connect = 110 fips = no Laura J. Fried On 7/15/13 11:54 AM, Laura Fried wrote:
Thanks Stephen. Gave that a try and it didn't work. Here is the error message
Clients allowed=500 stunnel 4.56 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1 14 Mar 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file /usr/local/etc/stunnel/stunnel.conf FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported Line 51: "[pop3s]": Failed to initialize SSL str_stats: 9 block(s), 163 data byte(s), 522 control byte(s)
Any other suggestions would be greatly appreciated. BTW, this is running on a Ubuntu server with SSL obtained though an apt-get.
Laura J. Fried
On 7/14/13 5:32 PM, Stephen Griffin wrote:
Added fips = no to the stunnel conf.
Stephen Griffin Sr. System Admin Achievers +1 647 268 6832
Sent from my iPhone
On Jul 14, 2013, at 5:22 PM, "Laura Fried" <laura@fried.us> wrote:
Beginning with Stunnel version 4.55 and continuing with 4.56 I can configure, make and make install without issue.
But as soon as I try to start stunnel with the following command: /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
I get the folllowing error message: Clients allowed=500 stunnel 4.56 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1 14 Mar 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file /usr/local/etc/stunnel/stunnel.conf FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported Line 51: "[pop3s]": Failed to initialize SSL str_stats: 9 block(s), 163 data byte(s), 522 control byte(s)
Any insight into this issue would be greatly appreciated.
-- Laura J. Fried
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Confidentiality: The information contained in this e-mail and any attachments are confidential. If you are not the intended recipient, you may not copy or distribute this information. If you have received this communication in error, please notify the sender immediately and delete it from your system.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael, yes, the fips = no did not fix my problem so I have removed it. Any other suggestions? Laura J. Fried On 7/15/13 12:05 PM, Michal Trojnara wrote:
On 2013-07-15 18:02, Laura Fried wrote:
[pop3s] accept = 995 connect = 110 fips = no
fips can only be used as a global option. You cannot specify it in a service section.
Mike
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHkH88ACgkQj+zXGSFhBBBzBwCgsJKb9ra1UYvimG1NncEX8aEn nVkAnjPoPPv+o/zyafTYvvNkLnuuid5Y =LYpX -----END PGP SIGNATURE-----
participants (3)
-
Laura Fried -
Michal Trojnara -
Stephen Griffin