[stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?

H.U.Flück huf at inomatix.com
Thu Dec 18 15:27:48 CET 2014


Hello 

I realized that the latest RHEL6 updates including stunnel-4.29-3.el6_6.1
break our Stunnel connections!

We are forced to go back to previous version stunnel-4.29-3.el6_4 in order
to have the systems running again, and blocking Stunnel updates in
/etc/yum.conf for the moment.

Our typical client config and server configs are as follows:

Client (5.08):
**********
client = yes
compression = zlib
sslversion = TLSv1
delay = yes
debug = 7
taskbar = yes

cert = my.pem

[abas_ssh]
accept = 127.0.30.10:5303
connect = firewall.client.dom:5303

Server, xinetd.d:
*************
service stunnel_ssh
{
        disable          = no
        socket_type      = stream
        instances        = UNLIMITED
        per_source       = UNLIMITED
        wait             = no
        user             = root
        server           = /usr/bin/stunnel
        server_args      = /etc/stunnel/stunnel_ssh.conf
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
}

Server, stunnel_ssh.conf
****************
cert = /support/stunnel/cert/server.pem
CApath = / support /stunnel/hash/
verify = 3
debug = 7
connect = 192.168.1.100:22

The error thrown is something like: 
Dec 17 17:30:23 srvabas stunnel: LOG3[3385:140171595282368]: SSL_accept:
140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol

What are we missing? Do we need to change the configuration?

Any help is highly appreciated.

Kind regards
H.U.Flueck






More information about the stunnel-users mailing list