[stunnel-users] stunnel not working properly on Redhat linux (fresh install)
Klaus Kloeser
klaus at kloeser.com
Fri Jan 4 15:14:27 CET 2019
Hi,
I have set up Stunnel as SSL Wrapper for googlemail on a Redhat Enterprise Linux 7.2 installation.
The stunnel.conf:
output = /var/log/stunnel.log
cert = /etc/pki/tls/certs/2019stunnel.pem
client = yes
sslVersion = TLSv1
;fips=no
[ssmtp]
accept = 1925
connect=smtp.googlemail.com:587
lets me start stunnel well.
I have created the file 2019stunnel.pem following the Instructions on Redhat:
make 2019stunnel.pem in the correct directory (certs)
Now I tried to telnet localhost 1925; I get a “connected”, but nothing more. telnet smtp.googlemail 587 runs very well, I get connected, so I assume it is not a firewall issue.
I checked the options
sslVersion = TLSv1 and
sslVersion = all alternatively, which led to different errors in stunnel.log:
Service [ssmtp] accepted connection from 127.0.0.1:49723
2019.01.04 14:45:01 LOG3[4500:140416608397056]: connect_blocking: connect 2a00:1450:400c:c0c::10:587: Network is unreachable (101)
2019.01.04 14:45:01 LOG5[4500:140416608397056]: connect_blocking: connected 74.125.140.16:587
2019.01.04 14:45:01 LOG5[4500:140416608397056]: Service [ssmtp] connected remote server from 192.168.178.57:44246
2019.01.04 14:45:01 LOG3[4500:140416608397056]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2019.01.04 14:45:01 LOG5[4500:140416608397056]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2019.01.04 14:54:24 LOG5[4500:140416608249920]: Terminated
or
Service [ssmtp] accepted connection from 192.168.178.57:57612
2019.01.04 14:54:36 LOG5[7437:139957105055488]: connect_blocking: connected 173.194.76.16:587
2019.01.04 14:54:36 LOG5[7437:139957105055488]: Service [ssmtp] connected remote server from 192.168.178.57:52192
2019.01.04 14:54:36 LOG3[7437:139957105055488]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2019.01.04 14:54:36 LOG5[7437:139957105055488]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
Now Open SSL:
Openssl output:
openssl s_client -connect localhost:1925
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 289 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1546610402
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
What am I missing here; what is going wrong?
Best regards
Klaus Klöser
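
Added example, not part of the original post and not stunnel project code: a small triage script for stunnel logs in the format quoted above. It groups lines by pid:thread and flags connections whose TLS handshake failed with one of the two OpenSSL reasons shown in the post, both of which OpenSSL raises when the peer's first bytes are not a TLS record. The log lines, addresses, thread ids and the port-to-protocol table are constructed assumptions; the table values are names accepted by stunnel's `protocol` option, which negotiates STARTTLS for services that begin in plaintext.

```python
import re
from collections import defaultdict

# Constructed sample in the stunnel log format quoted in the post
# (documentation-range addresses, made-up thread ids).
SAMPLE_LOG = """\
2019.01.04 14:45:01 LOG5[4500:1001]: Service [ssmtp] accepted connection from 127.0.0.1:49723
2019.01.04 14:45:01 LOG5[4500:1001]: connect_blocking: connected 192.0.2.16:587
2019.01.04 14:45:01 LOG3[4500:1001]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2019.01.04 14:45:01 LOG5[4500:1001]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2019.01.04 14:54:36 LOG5[7437:2002]: Service [ssmtp] accepted connection from 192.0.2.57:57612
2019.01.04 14:54:36 LOG5[7437:2002]: connect_blocking: connected 192.0.2.16:587
2019.01.04 14:54:36 LOG3[7437:2002]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2019.01.04 14:54:36 LOG5[7437:2002]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
CONNECTED = re.compile(r"connect_blocking: connected (\S+):(\d+)$")
SSL_ERR = re.compile(r"SSL_connect: \w+: error:\w+:SSL routines:(\w+):(.+)$")
# OpenSSL reasons raised when the peer's reply does not parse as a TLS record.
NOT_TLS = {"unknown protocol", "wrong version number"}
# Assumption: ports whose services normally start in plaintext and upgrade via STARTTLS.
STARTTLS_PORTS = {25: "smtp", 587: "smtp", 143: "imap", 110: "pop3"}

def triage(log_text):
    """Return one finding per connection whose handshake got a non-TLS reply."""
    conns = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without the timestamp/LOGn prefix
        key, msg = (m.group(3), m.group(4)), m.group(5)
        c, e = CONNECTED.search(msg), SSL_ERR.search(msg)
        if c:
            conns[key]["remote"] = (c.group(1), int(c.group(2)))
        elif e:
            conns[key]["func"], conns[key]["reason"] = e.group(1), e.group(2)
    findings = []
    for key, c in conns.items():
        if c.get("reason") in NOT_TLS:
            port = c.get("remote", (None, None))[1]
            findings.append({"pid_tid": key, "remote": c.get("remote"),
                             "reason": c["reason"],
                             "starttls_protocol": STARTTLS_PORTS.get(port)})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A non-empty `starttls_protocol` means the remote port is one where the server speaks plaintext first, so a direct TLS ClientHello is answered with something other than a ServerHello.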