A possible solution to the below question that I asked was to create a 64B/512b PSK and share that with the server -- then the next issue surfaced when trying to connect: TLS - Close Notify (I believe from the server's side)
Also I changed to:

sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.2

And if it was not before:

client = yes

On Fri, May 12, 2023 at 8:32 AM <trashra...@gmail.com> wrote:

> I get the following error running 'sudo service stunnel4 status' :
>
> LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
> routines:ssl3_get_record:wrong version number
>
> is that merely a mismatch between openSSL versions used by client and
> server?
>
> I have tried changing the config file options, also with no specification
> since the default according to stunnel.org is:
>
> options = NO_SSLv2
> options = NO_SSLv3
>
> I have tried (service level option):
> sslVersion = TLSv1
>
> Same error. When running sudo service stunnel4 status after start:
>
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Threading:PTHREAD
> Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
> May 12 08:22:45 user-Linux stunnel4[16616]: Starting TLS tunnels:
> /etc/stunnel/stunnel.conf: started
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Reading
> configuration from file /etc/stunnel/stunnel.conf
> May 12 08:22:45 user-Linux systemd[1]: Started LSB: Start or stop
> stunnel 4.x (TLS tunnel for network daemons).
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: UTF-8 byte order
> mark not detected
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: FIPS mode disabled
> May 12 08:22:45 user-Linux stunnel[16630]: LOG4[ui]: Insecure file
> permissions on /var/lib/stunnel4/psk.txt
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Configuration
> successful
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Switched to
> chroot directory: /var/lib/stunnel4/
> May 12 08:22:45 user-Linux stunnel[16632]: LOG5[cron]: Updating DH
> parameters
>
> After trying to make a connection via FIX connection:
>
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service
> [**redacted**] started
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Setting local
> socket options (FD=3)
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Option TCP_NODELAY
> set on local socket
> May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Service
> [**redacted**] accepted connection from 127.0.0.1:51954
> May 12 08:28:04 user-Linux stunnel[16798]: LOG6[0]: Peer certificate
> not required
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: TLS state
> (accept): before SSL initialization
> May 12 08:28:04 user-Linux stunnel[16798]: LOG3[0]: SSL_accept:
> ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
> routines:ssl3_get_record:wrong version number
> May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Connection reset:
> 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Local descriptor
> (FD=3) closed
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service
> [**redacted**] finished (0 left)
> _______________________________________________
> stunnel-users mailing list -- stunnel-users@stunnel.org
> To unsubscribe send an email to stunnel-users-le...@stunnel.org
>
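Added example, not part of the original messages and not stunnel's own code: a pre-flight audit of a PSKsecrets file such as the psk.txt that the log above flags with "Insecure file permissions". It assumes the IDENTITY:KEY line format and the 16-byte minimum key length given in the stunnel manual, applies a 0600 policy chosen for this example, and uses constructed identities and keys.

```python
import os
import stat
import tempfile

MIN_KEY_BYTES = 16  # minimum key length stated in the stunnel manual

def key_bytes(key: str) -> int:
    """Effective key length: even-length all-hex keys count as binary."""
    is_hex = len(key) % 2 == 0 and all(c in "0123456789abcdefABCDEF" for c in key)
    return len(key) // 2 if is_hex else len(key)

def audit_psk_file(path: str) -> list[str]:
    """Return findings for a PSKsecrets file; an empty list means clean."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # example policy: owner-only access
        findings.append(f"mode {mode:04o} grants group/other access; use 0600")
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line:
                continue
            identity, sep, key = line.partition(":")
            if not sep or not identity:
                findings.append(f"line {lineno}: expected IDENTITY:KEY")
                continue
            if identity in seen:
                findings.append(f"line {lineno}: duplicate identity")
            seen.add(identity)
            if key_bytes(key) < MIN_KEY_BYTES:  # never echo the key itself
                findings.append(f"line {lineno}: key shorter than {MIN_KEY_BYTES} bytes")
    return findings

def demo() -> tuple[list[str], list[str]]:
    """Audit a constructed secrets file before and after hardening."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "psk.txt")
        with open(path, "w", encoding="utf-8") as fh:
            # Constructed sample: one 64-byte hex key, one key that is too short.
            fh.write("fixclient:" + "ab" * 64 + "\nlegacy:short\n")
        os.chmod(path, 0o644)
        before = audit_psk_file(path)
        os.chmod(path, 0o600)
        return before, audit_psk_file(path)

if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```

Run audit_psk_file() against the real secrets file on both the client and the server, since both sides must hold the same identity and key.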