[stunnel-users] "SSL3_GET_RECORD:wrong version number" error
James Brown
jlbrown at bordo.com.au
Wed Oct 4 03:25:10 CEST 2006
I am having problems connecting to stunnel and was hoping someone
could help me.
When starting stunnel and then trying to send an SSL-encrypted email
through it I get:
$ sudo /usr/local/sbin/stunnel /sw/etc/stunnel/stunnel.conf -D 465 -r 25
2006.10.04 11:03:28 LOG7[29230:2684415368]: Snagged 64 random bytes
from /Users/jlbrown/.rnd
2006.10.04 11:03:28 LOG7[29230:2684415368]: Wrote 1024 new random
bytes to /Users/jlbrown/.rnd
2006.10.04 11:03:28 LOG7[29230:2684415368]: RAND_status claims
sufficient entropy for the PRNG
2006.10.04 11:03:28 LOG7[29230:2684415368]: PRNG seeded successfully
2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate: /Users/
jlbrown/%1.pem
2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate loaded
2006.10.04 11:03:28 LOG7[29230:2684415368]: Key file: /Users/jlbrown/%
1.pem
2006.10.04 11:03:28 LOG7[29230:2684415368]: Private key loaded
2006.10.04 11:03:28 LOG7[29230:2684415368]: SSL context initialized
for service ssmtp
2006.10.04 11:03:28 LOG5[29230:2684415368]: stunnel 4.18 on powerpc-
apple-darwin8.8.0 with OpenSSL 0.9.7i 14 Oct 2005
2006.10.04 11:03:28 LOG5[29230:2684415368]: Threading:PTHREAD
SSL:ENGINE Sockets:SELECT,IPv4 Auth:LIBWRAP
2006.10.04 11:03:28 LOG6[29230:2684415368]: file ulimit = 256 (can be
changed with 'ulimit -n')
2006.10.04 11:03:28 LOG6[29230:2684415368]: FD_SETSIZE = 1024 (some
systems allow to increase this value)
2006.10.04 11:03:28 LOG5[29230:2684415368]: 125 clients allowed
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 6 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 7 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 8 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: SO_REUSEADDR option set
on accept socket
2006.10.04 11:03:28 LOG7[29230:2684415368]: ssmtp bound to 0.0.0.0:465
James-Browns-Computer-2:~/stunnel-4.18 jlbrown$ 2006.10.04 11:03:28
LOG7[29231:2684415368]: Created pid file /usr/local/var/run/stunnel/
stunnel.pid
2006.10.04 11:08:08 LOG7[29231:2684415368]: ssmtp accepted FD=9 from
127.0.0.1:64235
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp started
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 9 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set on
local socket
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 11 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: Connection from
127.0.0.1:64235 permitted by libwrap
2006.10.04 11:08:08 LOG5[29231:25188864]: ssmtp connected from
127.0.0.1:64235
2006.10.04 11:08:08 LOG7[29231:2684415368]: Cleaning up the signal pipe
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp connecting 127.0.0.1:25
2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: waiting 10
seconds
2006.10.04 11:08:08 LOG6[29231:2684415368]: Child process 29421
finished with code 0
2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: connected
2006.10.04 11:08:08 LOG7[29231:25188864]: Remote FD=10 initialized
2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set on
remote socket
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): before/
connect initialization
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): SSLv3
write client hello A
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL alert (write): fatal:
handshake failure
2006.10.04 11:08:08 LOG3[29231:25188864]: SSL_connect: 1408F10B:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.04 11:08:08 LOG5[29231:25188864]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp finished (0 left)
Any suggestions as to what is causing this and how I can fix it?
I got the same thing on another machine, with stunnel 4.04 and
OpenSSL 0.9.7d.
My stunnel.conf file is:
cert = /Users/jlbrown/%1.pem
key = /Users/jlbrown/%1.pem
debug=7
output=/dev/stdout
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Service-level configuration
[ssmtp]
client = yes
accept = 465
connect = 192.168.1.31:25
Thanks,
James.
More information about the stunnel-users
mailing list