Package: stunnel4
Version: 3:5.39-2
Severity: normal
Dear Maintainer,
* What led up to the situation?
Yesterday I ran `aptitude upgrade' after not having been able to upgrade
packages for about a month. Since the upgrade using stunnel4's service pop3s
fails with the following info in tunnel.log, using the debug=7 specification:
2017.08.21 11:40:08 LOG7[main]: Found 1 ready file descriptor(s)
2017.08.21 11:40:08 LOG7[main]: FD=4 events=0x2001 revents=0x0
2017.08.21 11:40:08 LOG7[main]: FD=7 events=0x2001 revents=0x1
2017.08.21 11:40:08 LOG7[main]: Service [pop3s] accepted (FD=3) from
89.200.38.152:56146
2017.08.21 11:40:08 LOG7[1]: Service [pop3s] started
2017.08.21 11:40:08 LOG7[1]: Option TCP_NODELAY set on local socket
2017.08.21 11:40:08 LOG5[1]: Service [pop3s] accepted connection from
89.200.38.152:56146
2017.08.21 11:40:08 LOG6[1]: Peer certificate not required
2017.08.21 11:40:08 LOG7[1]: TLS state (accept): before SSL initialization
2017.08.21 11:40:08 LOG7[1]: TLS state (accept): before SSL initialization
2017.08.21 11:40:08 LOG7[1]: TLS alert (write): fatal: protocol version
2017.08.21 11:40:08 LOG3[1]: SSL_accept: 1417D18C: error:1417D18C:SSL
routines:tls_process_client_hello:version too low
2017.08.21 11:40:08 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2017.08.21 11:40:08 LOG7[1]: Local descriptor (FD=3) closed
2017.08.21 11:40:08 LOG7[1]: Service [pop3s] finished (0 left)
* What exactly did you do (or not do) that was effective (or
ineffective)?
I searched for the `version too low' message on the Internet, but except for
messages ealier this year about stunnel4 being killed by shadowserver.org,
which do not provide suggestions about how to solve the issue nothing useful
was found. Also, the changelog and changelog.Debian files did not contain
information about this message.
* What was the outcome of this action?
The problem remains.
* What outcome did you expect instead?
I hoped to find some information about what causes this problem, and
preferably also some information about how to solve the problem.
Maybe I missed the obvious, if so, or if you need any additional information,
please let me know.
Kind regards,
Frank B. Brokken.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.12.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages stunnel4 depends on:
ii adduser 3.116
ii libc6 2.24-14
ii libssl1.1 1.1.0f-4
ii libsystemd0 234-2
ii libwrap0 7.6.q-26
ii lsb-base 9.20161125
ii netbase 5.4
ii openssl 1.1.0f-4
ii perl 5.26.0-5
stunnel4 recommends no packages.
Versions of packages stunnel4 suggests:
pn logcheck-database <none>
-- Configuration Files:
/etc/default/stunnel4 changed [not included]
/etc/logrotate.d/stunnel4 changed [not included]
-- no debconf information
