[stunnel-users] The Error with Engine

Donne, Ann ann.donne at bankofamerica.com
Tue Sep 8 19:19:31 CEST 2015


Hi all, Need your help.

When I configured the Stunnel without the Engine LunaCA3 (product from SafeNet), everything worked fine. After add the global option with the engine:
engine=LunaCA3
    engineCtrl=SO_PATH:/usr/local/ssl/lib/engines/liblunaca3.so

I got the following error. I also searched previous engine issues and saw someone else with the similar issues. Hope that the issue was resolved.

The Stunnel and the open SSL info: stunnel 5.20 on x86_64 Linux. Compiled/running with OpenSSL 1.0.1i-fips. The setting is for server with sslVersion = TLSv1 and ciphers = AES128-SHA.


2015.09.08 11:11:01 LOG7[0]: SSL state (accept): SSLv3 read client certificate A
2015.09.08 11:11:01 LOG7[0]: SSL state (accept): SSLv3 read client key exchange A
2015.09.08 11:11:01 LOG7[0]: SSL state (accept): SSLv3 read certificate verify A
2015.09.08 11:11:01 LOG7[0]: SSL alert (write): fatal: bad record mac
2015.09.08 11:11:01 LOG3[0]: SSL_accept: 1408F119: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
2015.09.08 11:11:01 LOG5[0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.09.08 11:11:01 LOG7[0]: Deallocating application specific data for addr index
2015.09.08 11:11:01 LOG7[0]: Local socket (FD=3) closed

Any help and info are greatly appreciated!!

Thanks

Ann Donne

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150908/3a9c1662/attachment.html>


More information about the stunnel-users mailing list