[stunnel-users] What is the difference between "all" and "SSLv3" for sslVersion?
Christopher Hunt
huntc at internode.on.net
Sun Sep 14 08:12:51 CEST 2008
Hi there,
I would like to understand the difference between specifying an
sslVersion of "all" vs "SSLv3" when I see that the client is
attempting SSLv3.
I have a Java 1.5 ssl client connecting to an stunnel endpoint. If I
specify an sslVersion of "all" in my stunnel configuration then the
client is able to connect. When I see it connect, it appears to have
connected as SSLv3 i.e.:
2008.09.14 15:59:20 LOG7[98326:2690846624]: https accepted FD=12 from 127.0.0.1:59812
2008.09.14 15:59:20 LOG7[98326:2952859648]: https started
2008.09.14 15:59:20 LOG7[98326:2952859648]: FD 12 in non-blocking mode
2008.09.14 15:59:20 LOG7[98326:2952859648]: TCP_NODELAY option set on local socket
2008.09.14 15:59:20 LOG7[98326:2952859648]: Waiting for a libwrap process
2008.09.14 15:59:20 LOG7[98326:2952859648]: Acquired libwrap process #0
2008.09.14 15:59:20 LOG7[98326:2952859648]: Releasing libwrap process #0
2008.09.14 15:59:20 LOG7[98326:2952859648]: Released libwrap process #0
2008.09.14 15:59:20 LOG7[98326:2952859648]: https permitted by libwrap from 127.0.0.1:59812
2008.09.14 15:59:20 LOG5[98326:2952859648]: https accepted connection from 127.0.0.1:59812
2008.09.14 15:59:20 LOG7[98326:2952859648]: SSL state (accept): before/accept initialization
2008.09.14 15:59:21 LOG7[98326:2952859648]: SSL state (accept): SSLv3 read client hello A
etc.
If I substitute "SSLv3" for the value of sslVersion then I get:
2008.09.14 15:56:26 LOG7[98297:2690846624]: https accepted FD=12 from 127.0.0.1:59795
2008.09.14 15:56:26 LOG7[98297:2952859648]: https started
2008.09.14 15:56:26 LOG7[98297:2952859648]: FD 12 in non-blocking mode
2008.09.14 15:56:26 LOG7[98297:2952859648]: TCP_NODELAY option set on local socket
2008.09.14 15:56:26 LOG7[98297:2952859648]: Waiting for a libwrap process
2008.09.14 15:56:26 LOG7[98297:2952859648]: Acquired libwrap process #0
2008.09.14 15:56:26 LOG7[98297:2952859648]: Releasing libwrap process #0
2008.09.14 15:56:26 LOG7[98297:2952859648]: Released libwrap process #0
2008.09.14 15:56:26 LOG7[98297:2952859648]: https permitted by libwrap from 127.0.0.1:59795
2008.09.14 15:56:26 LOG5[98297:2952859648]: https accepted connection from 127.0.0.1:59795
2008.09.14 15:56:26 LOG7[98297:2952859648]: SSL state (accept): before/accept initialization
2008.09.14 15:56:27 LOG3[98297:2952859648]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
I have also tried specifying "SSLv2" (client disconnected complaining
that v2 was not supported) and "TLSv1" (yields the same error as
"SSLv3").
My version of stunnel is:
stunnel 4.25 on i686-apple-darwin9.4.0 with OpenSSL 0.9.7l 28 Sep 2006
Thank you in advance for any explanation on the difference between
"all" and "SSLv3".
Kind regards,
Christopher
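
Added example, not part of the original post: a small classifier for the first bytes a client sends, useful when an "all" listener accepts a client that a fixed "SSLv3" or "TLSv1" listener rejects with "wrong version number". It assumes (the post does not confirm this) that the client opens with an SSLv2-compatible ClientHello that offers a newer version; the function names, the acceptance model and the sample bytes are constructed for illustration.

```python
# Added example (not from the original post): classify the first bytes of a
# client's handshake. The sample bytes below are constructed, not captured.

VERSION_NAMES = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}


def classify_hello(data: bytes) -> tuple:
    """Return (framing, offered_version_name) for a ClientHello prefix."""
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        # SSLv3/TLS record: type(1), version(2), length(2), then handshake
        # header type(1) + length(3); client_version sits at offsets 9-10.
        ver = (data[9], data[10])
        return ("record", VERSION_NAMES.get(ver, "%d.%d" % ver))
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 framing: 2-byte length with the high bit set, message type 1
        # (CLIENT-HELLO), then the highest version the client offers.
        ver = (data[3], data[4])
        return ("sslv2-compatible", VERSION_NAMES.get(ver, "%d.%d" % ver))
    return ("unknown", None)


def parseable_by(ssl_version: str, data: bytes) -> bool:
    """Simplified model (assumption): 'all' reads both framings, while a
    fixed 'SSLv3' or 'TLSv1' listener expects record framing from byte one."""
    framing, _ = classify_hello(data)
    if ssl_version == "all":
        return framing in ("record", "sslv2-compatible")
    if ssl_version in ("SSLv3", "TLSv1"):
        return framing == "record"
    raise ValueError("setting not modelled: " + ssl_version)


# Constructed prefixes: a v2-framed hello offering 3.1, and a 3.0 record hello.
V2_COMPAT_HELLO = bytes.fromhex("802e010301001500000010")
RECORD_HELLO = bytes.fromhex("160300002f0100002b0300")

if __name__ == "__main__":
    for label, blob in (("v2-compatible", V2_COMPAT_HELLO), ("record", RECORD_HELLO)):
        verdicts = {s: parseable_by(s, blob) for s in ("all", "SSLv3", "TLSv1")}
        print(label, classify_hello(blob), verdicts)
```

Feeding it the first bytes from a packet capture of the failing connection shows which framing the client actually used.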