[stunnel-users] RHEL6 Update stunnel-4.29-3.el6_6.1 breaks functionality?
Michal Trojnara
Michal.Trojnara at mirt.net
Sun Dec 21 19:26:50 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> On Dec 18, 2014, at 08:27, H.U.Flück <huf at inomatix.com> wrote: The
> error thrown is something like: Dec 17 17:30:23 srvabas stunnel:
> LOG3[3385:140171595282368]: SSL_accept: 140760FC:
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> protocol
>
> What are we missing? Do we need to change the configuration?
I downloaded the source packages to identify the exact change they made.
The only difference between the previous and the updated version is
that the new one configures stunnel with:
configure --enable-fips --enable-ipv6 \
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
rather than:
configure --disable-fips --enable-ipv6 \
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
The update doesn't change anything in the source code of stunnel.
In stunnel 4.x FIPS mode is enabled by default. You may disable it
with "fips = no". In order to get your configuration working without
disabling FIPS mode you may also try "sslVersion = TLSv1".
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSXEOoACgkQ/NU+nXTHMtFBIgCaAth7QWGcFm4kaCNtqW70mQcC
RKEAoN8i3Eb+bf9Qy0zWiITVX2hGYY/z
=5kyW
-----END PGP SIGNATURE-----
More information about the stunnel-users
mailing list