[stunnel-users] "SSL3_GET_RECORD:wrong version number" error

James Brown jlbrown at bordo.com.au
Wed Oct 4 03:25:10 CEST 2006


I am having problems connecting to stunnel and was hoping someone  
could help me.

When starting stunnel and then trying to send an SSL-encrypted email  
through it I get:

$ sudo /usr/local/sbin/stunnel /sw/etc/stunnel/stunnel.conf -D 465 -r 25
2006.10.04 11:03:28 LOG7[29230:2684415368]: Snagged 64 random bytes  
from /Users/jlbrown/.rnd
2006.10.04 11:03:28 LOG7[29230:2684415368]: Wrote 1024 new random  
bytes to /Users/jlbrown/.rnd
2006.10.04 11:03:28 LOG7[29230:2684415368]: RAND_status claims  
sufficient entropy for the PRNG
2006.10.04 11:03:28 LOG7[29230:2684415368]: PRNG seeded successfully
2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate: /Users/ 
jlbrown/%1.pem
2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate loaded
2006.10.04 11:03:28 LOG7[29230:2684415368]: Key file: /Users/jlbrown/% 
1.pem
2006.10.04 11:03:28 LOG7[29230:2684415368]: Private key loaded
2006.10.04 11:03:28 LOG7[29230:2684415368]: SSL context initialized  
for service ssmtp
2006.10.04 11:03:28 LOG5[29230:2684415368]: stunnel 4.18 on powerpc- 
apple-darwin8.8.0 with OpenSSL 0.9.7i 14 Oct 2005
2006.10.04 11:03:28 LOG5[29230:2684415368]: Threading:PTHREAD  
SSL:ENGINE Sockets:SELECT,IPv4 Auth:LIBWRAP
2006.10.04 11:03:28 LOG6[29230:2684415368]: file ulimit = 256 (can be  
changed with 'ulimit -n')
2006.10.04 11:03:28 LOG6[29230:2684415368]: FD_SETSIZE = 1024 (some  
systems allow to increase this value)
2006.10.04 11:03:28 LOG5[29230:2684415368]: 125 clients allowed
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 6 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 7 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 8 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: SO_REUSEADDR option set  
on accept socket
2006.10.04 11:03:28 LOG7[29230:2684415368]: ssmtp bound to 0.0.0.0:465
James-Browns-Computer-2:~/stunnel-4.18 jlbrown$ 2006.10.04 11:03:28  
LOG7[29231:2684415368]: Created pid file /usr/local/var/run/stunnel/ 
stunnel.pid
2006.10.04 11:08:08 LOG7[29231:2684415368]: ssmtp accepted FD=9 from  
127.0.0.1:64235
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp started
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 9 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set on  
local socket
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 11 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: Connection from  
127.0.0.1:64235 permitted by libwrap
2006.10.04 11:08:08 LOG5[29231:25188864]: ssmtp connected from  
127.0.0.1:64235
2006.10.04 11:08:08 LOG7[29231:2684415368]: Cleaning up the signal pipe
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp connecting 127.0.0.1:25
2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: waiting 10  
seconds
2006.10.04 11:08:08 LOG6[29231:2684415368]: Child process 29421  
finished with code 0
2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: connected
2006.10.04 11:08:08 LOG7[29231:25188864]: Remote FD=10 initialized
2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set on  
remote socket
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): before/ 
connect initialization
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): SSLv3  
write client hello A
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL alert (write): fatal:  
handshake failure
2006.10.04 11:08:08 LOG3[29231:25188864]: SSL_connect: 1408F10B:  
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.04 11:08:08 LOG5[29231:25188864]: Connection reset: 0 bytes  
sent to SSL, 0 bytes sent to socket
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp finished (0 left)

Any suggestions as to what is causing this and how I can fix it?

I got the same thing on another machine, with stunnel 4.04 and  
OpenSSL 0.9.7d.

My stunnel.conf file is:

cert = /Users/jlbrown/%1.pem
key = /Users/jlbrown/%1.pem
debug=7
output=/dev/stdout
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Service-level configuration
[ssmtp]
client = yes
accept  = 465
connect = 192.168.1.31:25

Thanks,

James.




More information about the stunnel-users mailing list