[stunnel-users] error:0A000438:SSL routines::tlsv1 alert internal error

Wed, 21 Sep 2022 06:52:58 -0700 

Hello,
I am trying to use the xvncviewer on Ubuntu by VNC over stunnel,
it will connect failed and print "xvncviewer: read: Connection reset by peer".
The LOG on VNC server is here:

2012.01.01 00:21:58 LOG7[1]: Initializing application specific data for session 
authenticated
2012.01.01 00:21:58 LOG7[1]: SNI: no virtual services defined
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS read client hello
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write server hello
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write certificate
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write key exchange
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write certificate 
request
2012.01.01 00:21:58 LOG7[1]: TLS state (accept): SSLv3/TLS write server done
2012.01.01 00:21:58 LOG7[1]: TLS alert (read): fatal: internal error
2012.01.01 00:21:58 LOG3[1]: SSL_accept: ssl/record/rec_layer_s3.c:1584: 
error:0A000438:SSL routines::tlsv1 alert internal error
2012.01.01 00:21:58 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) 
sent to socket
2012.01.01 00:21:58 LOG7[1]: Deallocating application specific data for session 
connect address
2012.01.01 00:21:58 LOG7[1]: Local descriptor (FD=3) closed
2012.01.01 00:21:58 LOG7[1]: Service [vnc] finished (0 left)

I am running Stunnel 5.63
Here is the configuration currently:

stunnel.conf on VNC client:

cert = /home/server.pem

key = /home/privkey.pem

[VNC]

client = yes

accept = 127.0.0.1:5901

connect = 172.31.100.121:5901

sslVersion = all
verifyChain = yes

CAfile = /home/server.pem

checkIP = 172.31.100.121

stunnel.conf on VNC server:

cert = /conf/server.pem
;key =  /conf/certs/privkey.pem

setuid = stunnel4
setgid = stunnel4

pid = /var/run/stunnel.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = a:TCP_NODELAY=1

debug = 7
foreground = yes

client =  no

ciphers=AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
sslVersion = TLSv1.2

[vnc]
accept = :::5901
connect = 5900
verify = 3
CAfile = /conf/server.pem


Is this something I can remedy from the configuration, or is this something 
that requires
modification?

Thank you 
Johan
_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-le...@stunnel.org

Reply via email to