Hello all,

I'm using xmas for something useful - i.e. to configure a new server. After an install of stunnel 5.50 and generating the .pem and .key files with:

openssl req -new -x509 -nodes -out /usr/local/etc/stunnel/nw_stunnel.pem -keyout /usr/local/etc/stunnel/nw_stunnel.key -days 1825

using this settings in the stunnel.conf:

cert = /usr/local/etc/stunnel/nw_stunnel.pem key = /usr/local/etc/stunnel/nw_stunnel.key options = -NO_SSLv3 sslVersion = all

I got

LOG5[0]: Service [imaps] accepted connection from 192.168.1.3:64233 Dec LOG3[0]: SSL_accept: 14094412: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

Just wondering: this is a self issued CA-Cert. Does the bad certificate error refer to the unsafe ssl3-standard or is it a placeholder for the certificate being self-generated as well?

I'm currentlty on [.] stunnel 5.50 on amd64-portbld-freebsd12.0 platform [.] Compiled/running with OpenSSL 1.1.1a-freebsd 20 Nov 2018 [.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI

This configuration works with the same install procedure: [.] stunnel 5.49 on i386-portbld-freebsd11.2 platform [.] Compiled/running with OpenSSL 1.0.2o-freebsd 27 Mar 2018 [.] Threading:PTHREAD Sockets:POLL,IPv4 TLS:ENGINE,OCSP,PSK,SNI

Any insights into this matter are highly welcome.

Cheers, and merry youknowwhat,

Marko