Hi, I have been using stunnel for a number of years to create a secure connection to CCTV recording software. Today, after upgrading to iOS 13.4.1, I can no longer connect. I ran generate self-signed certificate; it still fails. Searching, I found others with a similar problem; some have created a cert using other providers. I would prefer to generate it from stunnel, as I have always done.
config
[BlueIris]
accept=1440
connect=8080
cert = stunnel.pem
I am no expert; I basically followed a simple setup. I read a few comments that it may be due to iOS no longer supporting certain versions of SSL. Hopefully you can help.
Log
2020.05.11 22:59:04 LOG5[main]: stunnel 5.56 on x64-pc-mingw32-gnu platform
2020.05.11 22:59:04 LOG5[main]: Compiled/running with OpenSSL 1.1.1c 28 May 2019
2020.05.11 22:59:04 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2020.05.11 22:59:04 LOG5[main]: Reading configuration from file stunnel.conf
2020.05.11 22:59:04 LOG5[main]: UTF-8 byte order mark detected
2020.05.11 22:59:04 LOG6[main]: Initializing service [BlueIris]
2020.05.11 22:59:04 LOG6[main]: Loading certificate from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: Certificate loaded from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: Loading private key from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: Private key loaded from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: DH initialization not needed
2020.05.11 22:59:04 LOG6[main]: Initializing service [gmail-pop3]
2020.05.11 22:59:04 LOG6[main]: Initializing service [gmail-imap]
2020.05.11 22:59:04 LOG6[main]: Initializing service [gmail-smtp]
2020.05.11 22:59:04 LOG6[main]: Initializing service [meinberg-smtp]
2020.05.11 22:59:04 LOG6[main]: Loading certificate from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: Certificate loaded from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: Loading private key from file: stunnel.pem
2020.05.11 22:59:04 LOG6[main]: Private key loaded from file: stunnel.pem
2020.05.11 22:59:04 LOG4[main]: Service [meinberg-smtp] needs authentication to prevent MITM attacks
2020.05.11 22:59:04 LOG5[main]: Configuration successful
2020.05.11 22:59:04 LOG6[main]: Service [BlueIris] (FD=564) bound to 0.0.0.0:1440
2020.05.11 22:59:04 LOG6[main]: Service [gmail-pop3] (FD=728) bound to 127.0.0.1:110
2020.05.11 22:59:04 LOG6[main]: Service [gmail-imap] (FD=732) bound to 127.0.0.1:143
2020.05.11 22:59:04 LOG6[main]: Service [gmail-smtp] (FD=736) bound to 0.0.0.0:25
2020.05.11 22:59:04 LOG6[main]: Service [meinberg-smtp] (FD=740) bound to 192.168.0.2:2525
2020.05.11 22:59:04 LOG6[cron]: Executing cron jobs
2020.05.11 22:59:04 LOG6[cron]: Cron jobs completed in 0 seconds
2020.05.11 22:59:55 LOG5[0]: Service [BlueIris] accepted connection from 192.168.0.142:58797
2020.05.11 22:59:55 LOG6[0]: Peer certificate not required
2020.05.11 22:59:55 LOG3[0]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[1]: Service [BlueIris] accepted connection from 192.168.0.142:58798
2020.05.11 22:59:55 LOG6[1]: Peer certificate not required
2020.05.11 22:59:55 LOG3[1]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[2]: Service [BlueIris] accepted connection from 192.168.0.142:58799
2020.05.11 22:59:55 LOG6[2]: Peer certificate not required
2020.05.11 22:59:55 LOG3[2]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 22:59:55 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[3]: Service [BlueIris] accepted connection from 192.168.0.142:58800
2020.05.11 22:59:55 LOG6[3]: Peer certificate not required
2020.05.11 22:59:55 LOG3[3]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[4]: Service [BlueIris] accepted connection from 192.168.0.142:58801
2020.05.11 22:59:55 LOG6[4]: Peer certificate not required
2020.05.11 22:59:55 LOG3[4]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[5]: Service [BlueIris] accepted connection from 192.168.0.142:58802
2020.05.11 22:59:55 LOG6[5]: Peer certificate not required
2020.05.11 22:59:55 LOG3[5]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 22:59:55 LOG5[5]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[6]: Service [BlueIris] accepted connection from 192.168.0.142:58803
2020.05.11 22:59:55 LOG6[6]: Peer certificate not required
2020.05.11 22:59:55 LOG3[6]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[7]: Service [BlueIris] accepted connection from 192.168.0.142:58804
2020.05.11 22:59:55 LOG6[7]: Peer certificate not required
2020.05.11 22:59:55 LOG3[7]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[7]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[8]: Service [BlueIris] accepted connection from 192.168.0.142:58805
2020.05.11 22:59:55 LOG6[8]: Peer certificate not required
2020.05.11 22:59:55 LOG3[8]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 22:59:55 LOG5[8]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[9]: Service [BlueIris] accepted connection from 192.168.0.142:58806
2020.05.11 22:59:55 LOG6[9]: Peer certificate not required
2020.05.11 22:59:55 LOG3[9]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[9]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[10]: Service [BlueIris] accepted connection from 192.168.0.142:58807
2020.05.11 22:59:55 LOG6[10]: Peer certificate not required
2020.05.11 22:59:55 LOG3[10]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[10]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[11]: Service [BlueIris] accepted connection from 192.168.0.142:58808
2020.05.11 22:59:55 LOG6[11]: Peer certificate not required
2020.05.11 22:59:55 LOG3[11]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 22:59:55 LOG5[11]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[12]: Service [BlueIris] accepted connection from 192.168.0.142:58809
2020.05.11 22:59:55 LOG6[12]: Peer certificate not required
2020.05.11 22:59:55 LOG3[12]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[12]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[13]: Service [BlueIris] accepted connection from 192.168.0.142:58810
2020.05.11 22:59:55 LOG6[13]: Peer certificate not required
2020.05.11 22:59:55 LOG3[13]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[13]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:55 LOG5[14]: Service [BlueIris] accepted connection from 192.168.0.142:58811
2020.05.11 22:59:55 LOG6[14]: Peer certificate not required
2020.05.11 22:59:55 LOG3[14]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 22:59:55 LOG5[14]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:56 LOG5[15]: Service [BlueIris] accepted connection from 192.168.0.142:58812
2020.05.11 22:59:56 LOG6[15]: Peer certificate not required
2020.05.11 22:59:56 LOG3[15]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:56 LOG5[15]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:56 LOG5[16]: Service [BlueIris] accepted connection from 192.168.0.142:58813
2020.05.11 22:59:56 LOG6[16]: Peer certificate not required
2020.05.11 22:59:56 LOG3[16]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:56 LOG5[16]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 22:59:56 LOG5[17]: Service [BlueIris] accepted connection from 192.168.0.142:58814
2020.05.11 22:59:56 LOG6[17]: Peer certificate not required
2020.05.11 22:59:56 LOG3[17]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 22:59:56 LOG5[17]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[18]: Service [BlueIris] accepted connection from 192.168.0.142:58815
2020.05.11 23:00:04 LOG6[18]: Peer certificate not required
2020.05.11 23:00:04 LOG3[18]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[18]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[19]: Service [BlueIris] accepted connection from 192.168.0.142:58816
2020.05.11 23:00:04 LOG6[19]: Peer certificate not required
2020.05.11 23:00:04 LOG3[19]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[19]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[20]: Service [BlueIris] accepted connection from 192.168.0.142:58817
2020.05.11 23:00:04 LOG6[20]: Peer certificate not required
2020.05.11 23:00:04 LOG3[20]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 23:00:04 LOG5[20]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[21]: Service [BlueIris] accepted connection from 192.168.0.142:58818
2020.05.11 23:00:04 LOG6[21]: Peer certificate not required
2020.05.11 23:00:04 LOG3[21]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[21]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[22]: Service [BlueIris] accepted connection from 192.168.0.142:58819
2020.05.11 23:00:04 LOG6[22]: Peer certificate not required
2020.05.11 23:00:04 LOG3[22]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[22]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[23]: Service [BlueIris] accepted connection from 192.168.0.142:58820
2020.05.11 23:00:04 LOG6[23]: Peer certificate not required
2020.05.11 23:00:04 LOG3[23]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 23:00:04 LOG5[23]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[24]: Service [BlueIris] accepted connection from 192.168.0.142:58821
2020.05.11 23:00:04 LOG6[24]: Peer certificate not required
2020.05.11 23:00:04 LOG3[24]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[24]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[25]: Service [BlueIris] accepted connection from 192.168.0.142:58822
2020.05.11 23:00:04 LOG6[25]: Peer certificate not required
2020.05.11 23:00:04 LOG3[25]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[25]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[26]: Service [BlueIris] accepted connection from 192.168.0.142:58823
2020.05.11 23:00:04 LOG6[26]: Peer certificate not required
2020.05.11 23:00:04 LOG3[26]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 23:00:04 LOG5[26]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[27]: Service [BlueIris] accepted connection from 192.168.0.142:58824
2020.05.11 23:00:04 LOG6[27]: Peer certificate not required
2020.05.11 23:00:04 LOG3[27]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[27]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[28]: Service [BlueIris] accepted connection from 192.168.0.142:58825
2020.05.11 23:00:04 LOG6[28]: Peer certificate not required
2020.05.11 23:00:04 LOG3[28]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[28]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[29]: Service [BlueIris] accepted connection from 192.168.0.142:58826
2020.05.11 23:00:04 LOG6[29]: Peer certificate not required
2020.05.11 23:00:04 LOG3[29]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 23:00:04 LOG5[29]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[30]: Service [BlueIris] accepted connection from 192.168.0.142:58827
2020.05.11 23:00:04 LOG6[30]: Peer certificate not required
2020.05.11 23:00:04 LOG3[30]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[30]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[31]: Service [BlueIris] accepted connection from 192.168.0.142:58828
2020.05.11 23:00:04 LOG6[31]: Peer certificate not required
2020.05.11 23:00:04 LOG3[31]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[31]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[32]: Service [BlueIris] accepted connection from 192.168.0.142:58829
2020.05.11 23:00:04 LOG6[32]: Peer certificate not required
2020.05.11 23:00:04 LOG3[32]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 23:00:04 LOG5[32]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[33]: Service [BlueIris] accepted connection from 192.168.0.142:58830
2020.05.11 23:00:04 LOG6[33]: Peer certificate not required
2020.05.11 23:00:04 LOG3[33]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[33]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[34]: Service [BlueIris] accepted connection from 192.168.0.142:58831
2020.05.11 23:00:04 LOG6[34]: Peer certificate not required
2020.05.11 23:00:04 LOG3[34]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 23:00:04 LOG5[34]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.05.11 23:00:04 LOG5[35]: Service [BlueIris] accepted connection from 192.168.0.142:58832
2020.05.11 23:00:04 LOG6[35]: Peer certificate not required
2020.05.11 23:00:04 LOG3[35]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
2020.05.11 23:00:04 LOG5[35]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
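One way to triage a log like the one above, as an added example that is not part of the original post: it pairs each stunnel connection id with its SSL_accept error and marks whether the error is an alert received from the client (OpenSSL reports those from ssl3_read_bytes) or a rejection raised by the server's own ClientHello processing. The function names triage and summarize are illustrative, and the sample is an excerpt of the post's log.

```python
import re
from collections import Counter

# Excerpt of the log from the post (accept and SSL_accept lines of connections 0-2).
SAMPLE_LOG = """\
2020.05.11 22:59:55 LOG5[0]: Service [BlueIris] accepted connection from 192.168.0.142:58797
2020.05.11 22:59:55 LOG3[0]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[1]: Service [BlueIris] accepted connection from 192.168.0.142:58798
2020.05.11 22:59:55 LOG3[1]: SSL_accept: ssl/record/rec_layer_s3.c:1535: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
2020.05.11 22:59:55 LOG5[2]: Service [BlueIris] accepted connection from 192.168.0.142:58799
2020.05.11 22:59:55 LOG3[2]: SSL_accept: ssl/statem/statem_srvr.c:1746: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback
"""

LINE = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[(\w+)\]: (.*)$")
ACCEPT = re.compile(r"Service \[(.+?)\] accepted connection from (\S+):(\d+)$")
SSLERR = re.compile(r"SSL_accept: \S+ error:([0-9A-Fa-f]+):SSL routines:(\w+):(.+)$")

def triage(log_text):
    """Return one record per failed TLS handshake, in log order."""
    conns = {}      # connection id -> (service, client address)
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _level, cid, msg = m.groups()
        a = ACCEPT.match(msg)
        if a:
            conns[cid] = (a.group(1), a.group(2))
            continue
        e = SSLERR.match(msg)
        if e:
            code, func, reason = e.groups()
            # ssl3_read_bytes + "alert": the peer sent this alert to stunnel.
            # Any other function: stunnel's OpenSSL rejected the handshake itself.
            origin = "peer" if func == "ssl3_read_bytes" and "alert" in reason else "local"
            service, client = conns.get(cid, ("?", "?"))
            failures.append({"id": cid, "service": service, "client": client,
                             "code": code, "origin": origin, "reason": reason})
    return failures

def summarize(failures):
    """Count failures per (service, client, origin, reason)."""
    return Counter((f["service"], f["client"], f["origin"], f["reason"]) for f in failures)

if __name__ == "__main__":
    for key, count in summarize(triage(SAMPLE_LOG)).items():
        print(count, *key)
```
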