[stunnel-users] unknown protocol

Brian Wilkins bwilkins at gmail.com
Sat Jan 12 00:02:04 CET 2013


Try specifying the SSL versions and options that you want or don't want
explicitly.
On Jan 11, 2013 5:09 PM, "Brandon Glenn" <kocrachon at gmail.com> wrote:

>   I am currently trying to set up stunnel to help me send emails from a
> program that sends alerts but does not use SSL, to a cloud email service
> that I use that requires SSL. I have the configuration set up trying to find
> out where the error is, and I am down to this last error.
>
>
>
> SSL23_GET_CLIENT_HELLO:unknown protocol
>
>
>
> Here is my config file.
>
>
>
> ; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2012
>
> ; Some options used here may be inadequate for your particular configuration
>
> ; This sample file does *not* represent stunnel.conf defaults
>
> ; Please consult the manual for detailed description of available options
>
>
>
> ; **************************************************************************
> ; * Global options *
> ; **************************************************************************
>
>
>
> ; Debugging stuff (may be useful for troubleshooting)
>
> ;debug = 7
>
> ;output = stunnel.log
>
>
>
> ; Disable FIPS mode to allow non-approved protocols and algorithms
>
> fips = no
>
>
>
> ; **************************************************************************
> ; * Service defaults may also be specified in individual service sections *
> ; **************************************************************************
>
>
>
> ; Certificate/key is needed in server mode and optional in client mode
>
> cert = stunnel.pem
>
> ;key = stunnel.pem
>
>
>
> ; Authentication stuff needs to be configured to prevent MITM attacks
>
> ; It is not enabled by default!
>
> ;verify = 2
>
> ; Don't forget to c_rehash CApath
>
> ;CApath = certs
>
> ; It's often easier to use CAfile
>
> ;CAfile = certs.pem
>
> ; Don't forget to c_rehash CRLpath
>
> ;CRLpath = crls
>
> ; Alternatively CRLfile can be used
>
> ;CRLfile = crls.pem
>
>
>
> sslVersion = all
>
>
>
> ; Disable support for insecure SSLv2 protocol
>
> options = NO_SSLv2
>
> ; Workaround for Eudora bug
>
> ;options = DONT_INSERT_EMPTY_FRAGMENTS
>
>
>
> ; These options provide additional security at some performance degradation
>
> ;options = SINGLE_ECDH_USE
>
> ;options = SINGLE_DH_USE
>
>
>
> ; **************************************************************************
> ; * Service definitions (at least one service has to be defined) *
> ; **************************************************************************
>
>
>
> ; The default certificate
>
> cert = stunnel.pem
>
> ; Some performance tunings socket = l:TCP_NODELAY=1 socket =
> r:TCP_NODELAY=1
>
> ; Set client mode client = yes
>
> ; GMail ssmtp settings
>
> [ssmtp]
>
> accept = 25
>
> connect = 174.129.0.38:465
>
>
>
> ; GMail pop3s settings
>
> [pop3s]
>
> accept = 110
>
> connect = 174.129.0.38:995
>
> ; GMail imaps settings
>
> [imaps]
>
> accept = 143
>
> connect = 174.129.0.38:993
>
>
>
> ; Example SSL front-end to a web server
>
>
>
> ;[https]
>
> ;accept  = 443
>
> ;connect = 80
>
> ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
>
> ; Microsoft implementations do not use SSL close-notify alert and thus
>
> ; they are vulnerable to truncation attacks
>
> ;TIMEOUTclose = 0
>
>
>
> ; vim:ft=dosini
>
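An added example, not part of either message and not stunnel's own code: a small Python check that reads a stunnel.conf and reports the mode, sslVersion, options and verify setting each service actually ends up with, plus any directive that has been folded into a `;` comment line and so has no effect. `SSL23_GET_CLIENT_HELLO` is the OpenSSL routine that reads a ClientHello, so the error comes from a side acting as TLS server, which makes the effective mode worth checking. The sample file is constructed and modelled on the quoted one, `192.0.2.10` is a placeholder address, and `audit` is a name chosen here.

```python
import re

# Real stunnel option names this check looks for inside comment lines.
NAMES = ("client", "sslVersion", "options", "verify", "socket")
FOLDED = re.compile(r"\b(?:%s)\s*=\s*\S+" % "|".join(NAMES))

def audit(conf_text):
    """Return (effective settings per service, directives lost in comments)."""
    glob, services, current, lost = {}, {}, None, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(";"):
            # ";verify = 2" is a deliberate comment-out; a directive that
            # trails prose on a comment line was folded in and is flagged.
            m = FOLDED.search(line[1:].strip())
            if m and m.start() > 0:
                lost.append((no, m.group(0)))
        elif line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (glob if current is None else current).setdefault(key, []).append(value)
    effective = {}
    for name, opts in services.items():
        def last(key, default):
            return (opts.get(key) or glob.get(key) or [default])[-1]
        effective[name] = {
            # stunnel runs a service in server mode unless client = yes is set
            "mode": "client" if last("client", "no") == "yes" else "server",
            "sslVersion": last("sslVersion", "(default)"),
            "options": glob.get("options", []) + opts.get("options", []),
            "verify": last("verify", "(not set)"),
        }
    return effective, lost

# Constructed sample modelled on the quoted file (addresses are placeholders).
SAMPLE = """\
sslVersion = all
options = NO_SSLv2
;verify = 2
; Some performance tunings socket = l:TCP_NODELAY=1
; Set client mode client = yes
[ssmtp]
connect = 192.0.2.10:465
[fixed]
client = yes
sslVersion = TLSv1
connect = 192.0.2.10:465
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, `[ssmtp]` resolves to server mode with no `verify` level, while `[fixed]` sets `client = yes` and a single `sslVersion` inside the service section.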