Re: [stunnel-users] Weird error when trying to use 512bit RSA key

The problem seems to be the key size.

If you use a 512 key for stunnel it works.
However, when the key used by stunnel is 1024 and you try to use the EXP-RC4-MD5 cipher, a temporary 512 key is generated BUT that fails.

So I tested:

Stunnel 4.35 and OpenSSL 1.0.0d
Using a 512 RSA key and EXP-RC4-MD5 works
Using a 1025 RSA key and EXP-RC4-MD5 fails

Looks more like an OpenSSL thing. I'm uncertain about how this situation is handled in the protocol spec when the server has a 1024 key but the client wants to negotiate with a smaller key.

Cheers
-----------------
Leandro Avila

----- Original Message -----
From: Outofwall.com <root@outofwall.com>
To: stunnel-users-bounces@stunnel.org; stunnel-users@stunnel.org
Cc:
Sent: Monday, April 11, 2011 10:39 PM
Subject: Re: [stunnel-users] Weird error when trying to use 512bit RSA key

In fact, I'm using TLSv1, just use the custom ciphers list.

Here's what I have on the server side:

ciphers EXP-RC4-MD5:ALL

and test

sunyc@www:~$ openssl s_client -tls1 -connect ssl.sgivpn.info:443 -cipher EXP-RC4-MD5
CONNECTED(00000003)
depth=0 /C=US/ST=CA/O=XXX
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=CA/O=XXX
verify return:1
32684:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1093:SSL alert number 40
32684:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

Error:

Apr 11 18:57:35 localhost stunnel: LOG3[8319:139884220368640]: SSL_accept: 1409B11A: error:1409B11A:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:error generating tmp rsa key

Both client and server are running Ubuntu 10.04, with openssl 0.9.8k I think.

Cheers.
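Added example, not part of the original thread and not stunnel or OpenSSL code: a small decoder for the three packed error codes quoted above, showing that the client-side 14094410 is only the alert relayed from the peer while the server-side 1409B11A is the locally raised root cause. It assumes the ERR_PACK layout of the OpenSSL 0.9.8/1.0.0 series named in the thread (8-bit library, 12-bit function, 12-bit reason); the function names unpack and classify are hypothetical.

```python
import re

# Packed error layout in OpenSSL 0.9.8/1.0.0 (ERR_PACK): lib:8 | func:12 | reason:12.
# Later OpenSSL major versions use a different layout; this is an assumption
# tied to the versions mentioned in the thread.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000   # SSL reasons >= 1000 encode an alert received from the peer
ALERTS = {40: "handshake_failure"}   # only the alert that appears in the thread

# Matches "error:<8 hex digits>:<library>:<function>:<reason text>"
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)")

# Log lines copied from the messages above.
LINES = [
    "32684:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1093:SSL alert number 40",
    "32684:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:",
    "Apr 11 18:57:35 localhost stunnel: LOG3[8319:139884220368640]: SSL_accept: 1409B11A: "
    "error:1409B11A:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:error generating tmp rsa key",
]

def unpack(code):
    """Split a packed error code into (library, function, reason) numbers."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def classify(line):
    """Decode one log line; return None if it carries no OpenSSL error code."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    lib, func, reason = unpack(int(m.group(1), 16))
    entry = {"lib": lib, "func": func, "reason": reason,
             "func_name": m.group(3), "text": m.group(4),
             "origin": "local", "alert": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        # The local side is only reporting an alert sent by the other end,
        # so the real cause has to be looked up in the peer's log.
        number = reason - SSL_AD_REASON_OFFSET
        entry["origin"] = "peer"
        entry["alert"] = (number, ALERTS.get(number, "unknown"))
    return entry

if __name__ == "__main__":
    for line in LINES:
        e = classify(line)
        print(e["origin"], e["func_name"], e["reason"], e["alert"], e["text"])
```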