[stunnel-users] sslv3 alert bad certificate
marko
marko at half2.nl
Wed Dec 26 16:58:54 CET 2018
Hello all,
I'm using xmas for something useful - i.e. to configure a new server.
After an install of stunnel 5.50 and generating the .pem and .key files
with:
openssl req -new -x509 -nodes -out /usr/local/etc/stunnel/nw_stunnel.pem \
    -keyout /usr/local/etc/stunnel/nw_stunnel.key -days 1825
using these settings in the stunnel.conf:
cert = /usr/local/etc/stunnel/nw_stunnel.pem
key = /usr/local/etc/stunnel/nw_stunnel.key
options = -NO_SSLv3
sslVersion = all
I got
LOG5[0]: Service [imaps] accepted connection from 192.168.1.3:64233
Dec LOG3[0]: SSL_accept: 14094412: error:14094412:SSL
routines:ssl3_read_bytes:sslv3 alert bad certificate
LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Just wondering: this is a self issued CA-Cert. Does the bad certificate
error refer to the unsafe ssl3-standard or is it a placeholder for the
certificate being self-generated as well?
I'm currently on
[.] stunnel 5.50 on amd64-portbld-freebsd12.0 platform
[.] Compiled/running with OpenSSL 1.1.1a-freebsd 20 Nov 2018
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
This configuration works with the same install procedure:
[.] stunnel 5.49 on i386-portbld-freebsd11.2 platform
[.] Compiled/running with OpenSSL 1.0.2o-freebsd 27 Mar 2018
[.] Threading:PTHREAD Sockets:POLL,IPv4 TLS:ENGINE,OCSP,PSK,SNI
Any insights into this matter are highly welcome.
Cheers, and merry youknowwhat,
Marko
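
Added example, not part of the original post: a decoder for the error code in the log above, assuming the packed error-code layout of OpenSSL 1.0.x/1.1.x (the versions named in the post; OpenSSL 3.x packs codes differently). It shows that 14094412 records TLS alert 42 (bad_certificate) received from the connecting peer, and that "sslv3" in the text is part of OpenSSL's name for the alert rather than the negotiated protocol version. The function names and SAMPLE_LOG are this example's own.

```python
import re

# Error-code layout used by OpenSSL 1.0.x and 1.1.x (ERR_PACK):
#   bits 31-24 library, bits 23-12 function, bits 11-0 reason.
ERR_LIB_SSL = 20             # ERR_LIB_SSL in openssl/err.h
SSL_AD_REASON_OFFSET = 1000  # SSL reason 1000+N reports TLS alert N sent by the peer

# Alert descriptions from RFC 5246 section 7.2 (subset).
ALERT_NAMES = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# Log excerpt from the post, with the wrapped LOG3 line joined.
SAMPLE_LOG = """\
LOG5[0]: Service [imaps] accepted connection from 192.168.1.3:64233
Dec LOG3[0]: SSL_accept: 14094412: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""


def decode(code_hex):
    """Split a packed OpenSSL error code into library, function, reason and alert."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": ALERT_NAMES.get(alert)}


def peer_alerts(log_text):
    """Return decoded entries for every log line that records an alert from the peer."""
    found = []
    for line in log_text.splitlines():
        match = ERROR_RE.search(line)
        if match:
            info = decode(match.group(1))
            if info["alert"] is not None:
                found.append(info)
    return found


if __name__ == "__main__":
    for info in peer_alerts(SAMPLE_LOG):
        print("peer sent TLS alert %(alert)d (%(alert_name)s)" % info)
```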