"SSL3_GET_RECORD:wrong version number" error

James Brown Wed, 04 Oct 2006 00:48:21 -0700

I am having problems connecting to stunnel and was hoping someonecould help me.

I am trying to getting SSL "wrong version number" errors when I tryto send mail through an SSL proxy called Stunnel to my mail server.


Can anyone tell me what this SSL error means and how I can fix it?

When starting stunnel and then trying to send an SSL-encrypted emailthrough it I get:


$ sudo /usr/local/sbin/stunnel /sw/etc/stunnel/stunnel.conf -D 465 -r 25

2006.10.04 11:03:28 LOG7[29230:2684415368]: Snagged 64 random bytesfrom /Users/jlbrown/.rnd2006.10.04 11:03:28 LOG7[29230:2684415368]: Wrote 1024 new randombytes to /Users/jlbrown/.rnd2006.10.04 11:03:28 LOG7[29230:2684415368]: RAND_status claimssufficient entropy for the PRNG

2006.10.04 11:03:28 LOG7[29230:2684415368]: PRNG seeded successfully

2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate: /Users/jlbrown/%1.pem

2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate loaded

2006.10.04 11:03:28 LOG7[29230:2684415368]: Key file: /Users/jlbrown/%1.pem

2006.10.04 11:03:28 LOG7[29230:2684415368]: Private key loaded

2006.10.04 11:03:28 LOG7[29230:2684415368]: SSL context initializedfor service ssmtp2006.10.04 11:03:28 LOG5[29230:2684415368]: stunnel 4.18 on powerpc-apple-darwin8.8.0 with OpenSSL 0.9.7i 14 Oct 20052006.10.04 11:03:28 LOG5[29230:2684415368]: Threading:PTHREADSSL:ENGINE Sockets:SELECT,IPv4 Auth:LIBWRAP2006.10.04 11:03:28 LOG6[29230:2684415368]: file ulimit = 256 (can bechanged with 'ulimit -n')2006.10.04 11:03:28 LOG6[29230:2684415368]: FD_SETSIZE = 1024 (somesystems allow to increase this value)

2006.10.04 11:03:28 LOG5[29230:2684415368]: 125 clients allowed
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 6 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 7 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 8 in non-blocking mode

2006.10.04 11:03:28 LOG7[29230:2684415368]: SO_REUSEADDR option seton accept socket

2006.10.04 11:03:28 LOG7[29230:2684415368]: ssmtp bound to 0.0.0.0:465

James-Browns-Computer-2:~/stunnel-4.18 jlbrown$ 2006.10.04 11:03:28LOG7[29231:2684415368]: Created pid file /usr/local/var/run/stunnel/stunnel.pid2006.10.04 11:08:08 LOG7[29231:2684415368]: ssmtp accepted FD=9 from127.0.0.1:64235

2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp started
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 9 in non-blocking mode

2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set onlocal socket

2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 11 in non-blocking mode

2006.10.04 11:08:08 LOG7[29231:25188864]: Connection from127.0.0.1:64235 permitted by libwrap2006.10.04 11:08:08 LOG5[29231:25188864]: ssmtp connected from127.0.0.1:64235

2006.10.04 11:08:08 LOG7[29231:2684415368]: Cleaning up the signal pipe
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp connecting 127.0.0.1:25

2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: waiting 10seconds2006.10.04 11:08:08 LOG6[29231:2684415368]: Child process 29421finished with code 0

2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: connected
2006.10.04 11:08:08 LOG7[29231:25188864]: Remote FD=10 initialized

2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set onremote socket2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): before/connect initialization2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): SSLv3write client hello A2006.10.04 11:08:08 LOG7[29231:25188864]: SSL alert (write): fatal:handshake failure2006.10.04 11:08:08 LOG3[29231:25188864]: SSL_connect: 1408F10B:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number2006.10.04 11:08:08 LOG5[29231:25188864]: Connection reset: 0 bytessent to SSL, 0 bytes sent to socket

2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp finished (0 left)

Any suggestions as to what is causing this and how I can fix it?

I got the same thing on another machine, with stunnel 4.04 andOpenSSL 0.9.7d.


My stunnel.conf file is:

cert = /Users/jlbrown/%1.pem
key = /Users/jlbrown/%1.pem
debug=7
output=/dev/stdout
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Service-level configuration
[ssmtp]
client = yes
accept  = 465
connect = 192.168.1.31:25

Any help would be much appreciated.

Thanks,

James.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

"SSL3_GET_RECORD:wrong version number" error

Reply via email to