Hi All,
Hopefully the last question with my struggles!
Stunnel connects and the initial TLS connection works - but then it seems the client or server (I am the client) does not trust the PSK key? Any ideas?
Note - part of the previous issue was creating a 64B/512b PSK and NOT a 32B/256b PSK. I created that key and shared it with the server. See the line below referencing 256-bit encryption?
May 18 16:34:38 user-Linux stunnel: LOG5[0]: Service [** redacted **] connected remote server from ** redacted **
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Setting remote socket options (FD=11)
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Option TCP_NODELAY set on remote socket
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Remote descriptor (FD=11) initialized
May 18 16:34:38 user-Linux stunnel: LOG6[0]: SNI: sending servername: ** redacted **
May 18 16:34:38 user-Linux stunnel: LOG6[0]: Peer certificate not required
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): before SSL initialization
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Initializing application specific data for session authenticated
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS read server hello
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS read server key exchange
May 18 16:34:38 user-Linux stunnel: LOG6[0]: Client certificate not requested
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS read server done
May 18 16:34:38 user-Linux stunnel: LOG6[0]: PSK client configured for identity "client"
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS write client key exchange
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS write change cipher spec
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS write finished
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS write finished
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS read server session ticket
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS read change cipher spec
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS state (connect): SSLv3/TLS read finished
May 18 16:34:38 user-Linux stunnel: LOG7[0]: New session callback
May 18 16:34:38 user-Linux stunnel: LOG6[0]: No peer certificate received
May 18 16:34:38 user-Linux stunnel: LOG6[0]: Session id: ***** redacted ****
May 18 16:34:38 user-Linux stunnel: LOG7[0]: 1 client connect(s) requested
May 18 16:34:38 user-Linux stunnel: LOG7[0]: 1 client connect(s) succeeded
May 18 16:34:38 user-Linux stunnel: LOG7[0]: 0 client renegotiation(s) requested
May 18 16:34:38 user-Linux stunnel: LOG7[0]: 0 session reuse(s)
May 18 16:34:38 user-Linux stunnel: LOG6[0]: TLS connected: new session negotiated
May 18 16:34:38 user-Linux stunnel: LOG6[0]: TLSv1.2 ciphersuite: ECDHE-PSK-CHACHA20-POLY1305 (256-bit encryption)
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Compression: null, expansion: null
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS alert (read): warning: close notify
May 18 16:34:38 user-Linux stunnel: LOG6[0]: TLS closed (SSL_read)
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Sent socket write shutdown
May 18 16:34:38 user-Linux stunnel: LOG6[0]: Read socket closed (readsocket)
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Sending close_notify alert
May 18 16:34:38 user-Linux stunnel: LOG7[0]: TLS alert (write): warning: close notify
May 18 16:34:38 user-Linux stunnel: LOG6[0]: SSL_shutdown successfully sent close_notify alert
May 18 16:34:38 user-Linux stunnel: LOG5[0]: Connection closed: 98 byte(s) sent to TLS, 0 byte(s) sent to socket
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Remote descriptor (FD=11) closed
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Local descriptor (FD=3) closed
May 18 16:34:38 user-Linux stunnel: LOG7[0]: Service [*redacted*]finished (0 left)