Hello, I am trying to use xvncviewer on Ubuntu with VNC over stunnel; the connection fails and it prints "xvncviewer: read: Connection reset by peer". The log on the VNC server is here:
2012.01.01 00:21:58 LOG7[1]: Initializing application specific data for session authenticated
2012.01.01 00:21:58 LOG7[1]: SNI: no virtual services defined
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS read client hello
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write server hello
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write certificate
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write key exchange
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write certificate request
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write server done
2012.01.01 00:21:58 LOG7[1]: TLS alert (read): fatal: internal error
2012.01.01 00:21:58 LOG3[1]: SSL_accept: ssl/record/rec_layer_s3.c:1584: error:0A000438:SSL routines::tlsv1 alert internal error
2012.01.01 00:21:58 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2012.01.01 00:21:58 LOG7[1]: Deallocating application specific data for session connect address
2012.01.01 00:21:58 LOG7[1]: Local descriptor (FD=3) closed
2012.01.01 00:21:58 LOG7[1]: Service [vnc] finished (0 left)
I am running Stunnel 5.63. Here is the current configuration:
stunnel.conf on VNC client:
cert = /home/server.pem
key = /home/privkey.pem
[VNC]
client = yes
accept = 127.0.0.1:5901
connect = 172.31.100.121:5901
sslVersion = all
verifyChain = yes
CAfile = /home/server.pem
checkIP = 172.31.100.121
stunnel.conf on VNC server:
cert = /conf/server.pem
;key = /conf/certs/privkey.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = a:TCP_NODELAY=1
debug = 7
foreground = yes
client = no
ciphers=AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
sslVersion = TLSv1.2
[vnc]
accept = :::5901
connect = 5900
verify = 3
CAfile = /conf/server.pem
Is this something I can remedy from the configuration, or is this something that requires modification?
Thank you
Johan
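
An added example, not part of the original post: a small Python triage of stunnel debug output in the format of the server log above. For each TLS alert it reports whether stunnel received it from the peer (`read`) or sent it itself (`write`), and the last handshake state logged before it; the function name `triage` and the result field names are this example's own.

```python
import re

# Sample input: server-side stunnel debug lines copied from the post above.
SAMPLE_LOG = """\
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS read client hello
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write server hello
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write certificate request
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write server done
2012.01.01 00:21:58 LOG7[1]: TLS alert (read): fatal: internal error
2012.01.01 00:21:58 LOG3[1]: SSL_accept: ssl/record/rec_layer_s3.c:1584: error:0A000438:SSL routines::tlsv1 alert internal error
2012.01.01 00:21:58 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""

# "<date> <time> LOG<level>[<connection id>]: <message>"
LINE_RE = re.compile(r"^\S+ \S+ LOG\d\[(\w+)\]: (.*)$")
STATE_RE = re.compile(r"^TLS state \((?:accept|connect)\): (.+)$")
ALERT_RE = re.compile(r"^TLS alert \((read|write)\): (\w+): (.+)$")


def triage(log_text):
    """Return one finding per TLS alert, with the handshake context around it."""
    last_state = {}         # connection id -> last handshake state logged
    cert_requested = set()  # connections where a client certificate was requested
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conn, msg = m.groups()
        if (s := STATE_RE.match(msg)):
            last_state[conn] = s.group(1)
            if s.group(1).endswith("write certificate request"):
                cert_requested.add(conn)
        elif (a := ALERT_RE.match(msg)):
            direction, level, desc = a.groups()
            findings.append({
                "conn": conn,
                # "read" = alert received from the peer, "write" = sent by this side
                "raised_by": "peer" if direction == "read" else "local",
                "level": level,
                "description": desc,
                "after_state": last_state.get(conn),
                "client_cert_requested": conn in cert_requested,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the log from the post this reports a fatal alert raised by the peer immediately after `write server done`, on a connection where the server had requested a client certificate, so the stunnel log on the client side (with `debug = 7`) is where the reason for the alert would be recorded.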