[stunnel-users] stunnel 5.50 released

Jakob Hirsch jh at plonk.de
Mon Dec 3 10:43:54 CET 2018


Hi!

On 2018-12-03 00:10, Michal Trojnara wrote:
>   - 32-bit Windows builds replaced with 64-bit builds.
>   - OpenSSL DLLs updated to version 1.1.1.

Nice, thanks! But...

>   - Fixed PSK session resumption with TLS 1.3.

Is this related to the Zizhong's posting? Because I am using PSK and now
the connection fails unless I disable TLS 1.3:

> 2018.12.03 10:39:36 LOG7[ui]: Found 1 ready file descriptor(s)
> 2018.12.03 10:39:36 LOG7[ui]: FD=4 events=0x2001 revents=0x0
> 2018.12.03 10:39:36 LOG7[ui]: FD=8 events=0x2001 revents=0x1
> 2018.12.03 10:39:36 LOG7[ui]: Service [xxxxxx] accepted (FD=3) from ::ffff:xxxxxxxxxxxxxx:52864
> 2018.12.03 10:39:36 LOG7[1]: Service [xxxxxx] started
> 2018.12.03 10:39:36 LOG7[1]: Setting local socket options (FD=3)
> 2018.12.03 10:39:36 LOG7[1]: Option TCP_NODELAY set on local socket
> 2018.12.03 10:39:36 LOG5[1]: Service [xxxxxx] accepted connection from ::ffff:xxxxxxxxxxxxxx:52864
> 2018.12.03 10:39:36 LOG6[1]: Peer certificate not required
> 2018.12.03 10:39:36 LOG7[1]: TLS state (accept): before SSL initialization
> 2018.12.03 10:39:36 LOG7[1]: TLS state (accept): before SSL initialization
> 2018.12.03 10:39:36 LOG5[1]: Key configured for PSK identity "xxxxxxx"
> 2018.12.03 10:39:36 LOG7[1]: TLS alert (write): fatal: internal error
> 2018.12.03 10:39:36 LOG7[1]: Deallocating application specific data for session connect address
> 2018.12.03 10:39:36 LOG3[1]: SSL_accept: 141F9044: error:141F9044:SSL routines:tls_parse_ctos_psk:internal error
> 2018.12.03 10:39:36 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 2018.12.03 10:39:36 LOG7[1]: Local descriptor (FD=3) closed
> 2018.12.03 10:39:36 LOG7[1]: Service [xxxxxx] finished (0 left)

Server has OpenSSL 1.1.1 on Linux (F29), client has the included OpenSSL
1.1.1a on Windows.
The clients merely logs "SSL_connect: Peer suddenly disconnected",


Regards,
Jakob



More information about the stunnel-users mailing list