Because I am using PSK and now the connection fails unless I disable TLS 1.3:
>> 2018.12.03 10:39:36 LOG3[1]: SSL_accept: 141F9044: error:141F9044:SSL routines:tls_parse_ctos_psk:internal error

Hello,
I was able to replicate this error with OpenSSL-1.1.1 without stunnel.
It looks like the problem is caused by a long key.
I recommend upgrading the OpenSSL version or shortening the key.

sh-4.3$ LD_LIBRARY_PATH=/opt/openssl-1.1.1/lib /opt/openssl-1.1.1/bin/openssl s_server -accept 4433 -psk 36666861354f6a4d6d47326a43367a3354457945306645416f314a436d6a4837763873475074346b52664d464a6c4b547877654f664248683970727075454a35764e4b3066350a -nocert
Using default temp DH parameters
ACCEPT
ERROR
140097028679296:error:141F906E:SSL routines:tls_parse_ctos_psk:bad extension:ssl/statem/extensions_srvr.c:1085:
shutting down SSL
CONNECTION CLOSED

sh-4.3$ LD_LIBRARY_PATH=/opt/openssl-1.1.1a/lib /opt/openssl-1.1.1a/bin/openssl s_client -connect 127.0.0.1:4433 -psk 36666861354f6a4d6d47326a43367a3354457945306645416f314a436d6a4837763873475074346b52664d464a6c4b547877654f664248683970727075454a35764e4b3066350a
CONNECTED(00000003)
140341717808832:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1528:SSL alert number 80


But it works with TLS 1.2:

sh-4.3$ LD_LIBRARY_PATH=/opt/openssl-1.1.1a/lib /opt/openssl-1.1.1a/bin/openssl s_client -connect 127.0.0.1:4433 -psk 36666861354f6a4d6d47326a43367a3354457945306645416f314a436d6a4837763873475074346b52664d464a6c4b547877654f664248683970727075454a35764e4b3066350a -tls1_2
CONNECTED(00000003)


Best regards,
Małgorzata Olszówka