[stunnel-users] stunnel compatibility problems between Windows & Linux ?

Mon Oct 26 18:06:14 CET 2009

I am running an stunnel in chroot setup on a Red Hat Enterprise Linux Server
(v3) :
stunnel 4.27 on x86_64-unknown-linux-gnu with OpenSSL 0.9.7a Feb 19 2003
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6

And i want to connect from a Windows 2003 system (als version 4.27)

When i try to do a basic connect from the Windows stunnel to the Linux
stunnel, the connection gets reset each time, ssldump shows:

New TCP connection #1: hans13(1363) <-> nada(25000)
1 1  0.0000 (0.0000)  C>S  Handshake                             
      ClientHello                                                
        Version 3.0                                              
        cipher suites                                            
        Unknown value 0x39                                       
        Unknown value 0x38                                       
        Unknown value 0x35                                       
        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA                        
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA                        
        SSL_RSA_WITH_3DES_EDE_CBC_SHA                            
        Unknown value 0x33                                       
        Unknown value 0x32                                       
        Unknown value 0x2f                                       
        SSL_RSA_WITH_RC4_128_SHA                                 
        SSL_RSA_WITH_RC4_128_MD5                                 
        SSL_DHE_RSA_WITH_DES_CBC_SHA                             
        SSL_DHE_DSS_WITH_DES_CBC_SHA                             
        SSL_RSA_WITH_DES_CBC_SHA                                 
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA                    
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA                    
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA                        
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5                       
        SSL_RSA_EXPORT_WITH_RC4_40_MD5                           
        compression methods                                      
                unknown value                                    
                  NULL                                           
1 2  0.0000 (0.0000)  S>C  Alert                                 
    level           fatal                                        
    value           handshake_failure                            
1    0.0000 (0.0000)  S>C  TCP RST                               

Stunnel logging shows:
2009.10.26 10:37:25 LOG7[29959:1073879408]: xxx started
2009.10.26 10:37:25 LOG7[29959:1073879408]: FD 7 in non-blocking mode
2009.10.26 10:37:25 LOG5[29959:1073879408]: tfe accepted connection from 10.10.10.10:1250
2009.10.26 10:37:25 LOG7[29959:1073879408]: SSL state (accept): before/accept initialization
2009.10.26 10:37:25 LOG7[29959:1073879408]: SSL alert (write): fatal: handshake failure
2009.10.26 10:37:25 LOG3[29959:1073879408]: SSL_accept: 1408A09F: error:1408A09F:SSL routines:SSL3_GET_CLIENT_HELLO:length mismatch
2009.10.26 10:37:25 LOG5[29959:1073879408]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.10.26 10:37:25 LOG7[29959:1073879408]: xxx finished (-1 left)

When i explicitly configure the Windows stunnel to use:
sslVersion = SSLv2
or
sslVersion = TLSv1 (see ssldump logging below)

everything works fine.
Is this a known bug or an undocumented feature?

Ewald...

New TCP connection #3: hans13.amc.nl(1367) <-> nada.amc.nl(25000)
3 1  0.0000 (0.0000)  C>S  Handshake
      ClientHello
        Version 3.1
        resume [32]=
          b8 a1 d2 93 6a ae 4a 0d 49 04 cd 88 92 75 f1 6d
          d7 65 88 c3 01 51 bf eb d4 44 ce b7 fd 75 32 64
        cipher suites
        Unknown value 0x39
        Unknown value 0x38
        Unknown value 0x35
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0x33
        Unknown value 0x32
        Unknown value 0x2f
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        compression methods
                unknown value
                  NULL
3 2  0.0000 (0.0000)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          b8 a1 d2 93 6a ae 4a 0d 49 04 cd 88 92 75 f1 6d
          d7 65 88 c3 01 51 bf eb d4 44 ce b7 fd 75 32 64
        cipherSuite         Unknown value 0x35
        compressionMethod                   NULL

etc...