Reference: Stunnel Ver 4.31 Windows Binaries
This is the actual configuration file I am using. There is not too much to it.
As shown below, this WORKS for Gmail's SSL port.. Port 465.
Notice that the sslVersion statement is remarked "out".
+++++++++++++++++++++++++++
output = STUNNEL.log
taskbar = NO
cert = stunnel.pem
client = yes
[SSMTP]
accept=DADSXPPRO:8025
connect=smtp.gmail.com:465
;sslVersion = TLSv1
++++++++++++++++++++++++++++
In theory (as I have read it...), to change this to TLS, I enable the sslVersion line,
And change the port (for Gmail) to 587.
Port 587 and TLS for Gmail have been tested and verified via Microsoft Outlook testing.
But when I do so, I cannot even log onto the Gmail server.
I get the error message referenced in the first message:
2010.02.25 10:35:44 LOG3[2696:2740]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
It occurs to me that I am only using the "stunnel.pem" file, as supplied by the installer program.
Do I have a certificate issue?
David M. Douglass
david@az-douglass.net
Home (480) 839-2629
Cell (602) 908-9092
David M. Douglass wrote:
Port 587 and TLS for Gmail have been tested and verified via Microsoft Outlook testing.
I recognize that lame Microsoft terminology is a source of confusion here. "TLS" setting in Microsoft (and some half-brained followers) has little to do with TLS. It is just RFC 2487 (http://www.faqs.org/rfcs/rfc2487.html) negotiation.
With stunnel you could enable RFC 2487 negotiation with: protocol = smtp
Mike
Hi, There is one case in my environment where secure connection to server doesn't happen...reason is only client hello is sent in ethereal traces and no server hello reply has been sent.although I have enable debug level 7 in stunnel.conf file but then also stunnel.log file has not been created.If server is the setup on which stunnel package is installd,then is there anything to do with stunnel package if server hello reply has not been sent for client hello meaasge.
Can anybody tell in what cases server hello message is not sent.
Regards Ankur
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com
Ankur,
You have to specify a log file in the configuration file, e.g.;
output = stunnel.log
The location of the log file depends on the environment and version you are running. In Windows, the above statement puts the log file in
%programfiles%\stunnel
In Linux in versions through 4.29, I used
output = /etc/stunnel/stunnel.log
which puts the log file in
/etc/stunnel.
I did not use version 4.30, but in version 4.31 the directory is relative to the chroot so I now use
output = /stunnel.log
which puts the log file in
/usr/local/var/lib/stunnel
using the standard settings.
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
On 3/11/2010 5:15 AM, ankur.agarwal@wipro.com wrote:
Hi, There is one case in my environment where secure connection to server doesn't happen...reason is only client hello is sent in ethereal traces and no server hello reply has been sent.although I have enable debug level 7 in stunnel.conf file but then also stunnel.log file has not been created.If server is the setup on which stunnel package is installd,then is there anything to do with stunnel package if server hello reply has not been sent for client hello meaasge.
Can anybody tell in what cases server hello message is not sent.
Regards Ankur
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users .
Hi carter, thanks for the reply but this thing I already know...i have changed the file location also...the problem is we are having two client server setups in which we have to implement the secure connection...the thing is on one setup everything is working fine but with the other setup issue is coming in TLS handshak itself...and both the setups are having same configuration as well as software...and same environment also...we can not also say that it is setup issue....i just want to know the cases in which if tls handshake is not throing a alert message of warning/fatal....then why this server hello message is not seen...is stunnel have something to do with sending of this server hello message...
Best Regards Ankur
-----Original Message----- From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Carter Browne Sent: Thursday, March 11, 2010 7:09 PM To: stunnel-users@mirt.net Subject: Re: [stunnel-users] Stunnel.log file not got created
Ankur,
You have to specify a log file in the configuration file, e.g.;
output = stunnel.log
The location of the log file depends on the environment and version you are running. In Windows, the above statement puts the log file in
%programfiles%\stunnel
In Linux in versions through 4.29, I used
output = /etc/stunnel/stunnel.log
which puts the log file in
/etc/stunnel.
I did not use version 4.30, but in version 4.31 the directory is relative to the chroot so I now use
output = /stunnel.log
which puts the log file in
/usr/local/var/lib/stunnel
using the standard settings.
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
On 3/11/2010 5:15 AM, ankur.agarwal@wipro.com wrote:
Hi, There is one case in my environment where secure connection to server
doesn't happen...reason is only client hello is sent in ethereal traces and no server hello reply has been sent.although I have enable debug level 7 in stunnel.conf file but then also stunnel.log file has not been created.If server is the setup on which stunnel package is installd,then is there anything to do with stunnel package if server hello reply has not been sent for client hello meaasge.
Can anybody tell in what cases server hello message is not sent.
Regards Ankur
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users .
_______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com
Ankur,
If you post the sections of the log messages from both sides about the failure, someone on the group should be able to help you with your problem.
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
On 3/11/2010 8:56 AM, ankur.agarwal@wipro.com wrote:
Hi carter, thanks for the reply but this thing I already know...i have changed the file location also...the problem is we are having two client server setups in which we have to implement the secure connection...the thing is on one setup everything is working fine but with the other setup issue is coming in TLS handshak itself...and both the setups are having same configuration as well as software...and same environment also...we can not also say that it is setup issue....i just want to know the cases in which if tls handshake is not throing a alert message of warning/fatal....then why this server hello message is not seen...is stunnel have something to do with sending of this server hello message...
Best Regards Ankur
-----Original Message----- From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Carter Browne Sent: Thursday, March 11, 2010 7:09 PM To: stunnel-users@mirt.net Subject: Re: [stunnel-users] Stunnel.log file not got created
Ankur,
You have to specify a log file in the configuration file, e.g.;
output = stunnel.log
The location of the log file depends on the environment and version you are running. In Windows, the above statement puts the log file in
%programfiles%\stunnel
In Linux in versions through 4.29, I used
output = /etc/stunnel/stunnel.log
which puts the log file in
/etc/stunnel.
I did not use version 4.30, but in version 4.31 the directory is relative to the chroot so I now use
output = /stunnel.log
which puts the log file in
/usr/local/var/lib/stunnel
using the standard settings.
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
On 3/11/2010 5:15 AM, ankur.agarwal@wipro.com wrote:
Hi, There is one case in my environment where secure connection to server
doesn't happen...reason is only client hello is sent in ethereal traces and no server hello reply has been sent.although I have enable debug level 7 in stunnel.conf file but then also stunnel.log file has not been created.If server is the setup on which stunnel package is installd,then is there anything to do with stunnel package if server hello reply has not been sent for client hello meaasge.
Can anybody tell in what cases server hello message is not sent.
Regards Ankur
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users .
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com .
-
ankur.agarwal@wipro.com -
Carter Browne -
David M. Douglass -
Michal Trojnara