List:       stunnel-users
Subject:    [stunnel-users] What is the difference between "all" and "SSLv3"
From:       Christopher Hunt <huntc () internode ! on ! net>
Date:       2008-09-14 6:12:51
Message-ID: 138DC465-F6A7-4A87-8C61-92F52F86FFC1 () internode ! on ! net

Hi there,

I would like to understand the difference between specifying an  
sslVersion of "all" vs "SSLv3" when I see that the client is  
attempting SSLv3.

I have a Java 1.5 ssl client connecting to an stunnel endpoint. If I  
specify an sslVersion of "all" in my stunnel configuration then the  
client is able to connect. When I see it connect, it appears to have  
connected as SSLv3 i.e.:

2008.09.14 15:59:20 LOG7[98326:2690846624]: https accepted FD=12 from 127.0.0.1:59812
2008.09.14 15:59:20 LOG7[98326:2952859648]: https started
2008.09.14 15:59:20 LOG7[98326:2952859648]: FD 12 in non-blocking mode
2008.09.14 15:59:20 LOG7[98326:2952859648]: TCP_NODELAY option set on local socket
2008.09.14 15:59:20 LOG7[98326:2952859648]: Waiting for a libwrap process
2008.09.14 15:59:20 LOG7[98326:2952859648]: Acquired libwrap process #0
2008.09.14 15:59:20 LOG7[98326:2952859648]: Releasing libwrap process #0
2008.09.14 15:59:20 LOG7[98326:2952859648]: Released libwrap process #0
2008.09.14 15:59:20 LOG7[98326:2952859648]: https permitted by libwrap from 127.0.0.1:59812
2008.09.14 15:59:20 LOG5[98326:2952859648]: https accepted connection from 127.0.0.1:59812
2008.09.14 15:59:20 LOG7[98326:2952859648]: SSL state (accept): before/accept initialization
2008.09.14 15:59:21 LOG7[98326:2952859648]: SSL state (accept): SSLv3 read client hello A

etc.

If I substitute "SSLv3" for the value of sslVersion then I get:

2008.09.14 15:56:26 LOG7[98297:2690846624]: https accepted FD=12 from 127.0.0.1:59795
2008.09.14 15:56:26 LOG7[98297:2952859648]: https started
2008.09.14 15:56:26 LOG7[98297:2952859648]: FD 12 in non-blocking mode
2008.09.14 15:56:26 LOG7[98297:2952859648]: TCP_NODELAY option set on local socket
2008.09.14 15:56:26 LOG7[98297:2952859648]: Waiting for a libwrap process
2008.09.14 15:56:26 LOG7[98297:2952859648]: Acquired libwrap process #0
2008.09.14 15:56:26 LOG7[98297:2952859648]: Releasing libwrap process #0
2008.09.14 15:56:26 LOG7[98297:2952859648]: Released libwrap process #0
2008.09.14 15:56:26 LOG7[98297:2952859648]: https permitted by libwrap from 127.0.0.1:59795
2008.09.14 15:56:26 LOG5[98297:2952859648]: https accepted connection from 127.0.0.1:59795
2008.09.14 15:56:26 LOG7[98297:2952859648]: SSL state (accept): before/accept initialization
2008.09.14 15:56:27 LOG3[98297:2952859648]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I have also tried specifying "SSLv2" (client disconnected complaining  
that v2 was not supported) and "TLSv1" (yields the same error as  
"SSLv3").

My version of stunnel is:

stunnel 4.25 on i686-apple-darwin9.4.0 with OpenSSL 0.9.7l 28 Sep 2006

Thank you in advance for any explanation on the difference between  
"all" and "SSLv3".

Kind regards,
Christopher
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
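
Added example, not part of the original message or of stunnel: one cause consistent with the logs above, assumed here and not confirmed by the post, is a client that offers SSLv3 inside an SSLv2-compatible hello, which an SSLv3-only record parser reads as a record with a bad major version. The function names and the sample byte strings are constructed for this illustration.

```python
# Added illustration: classify the first bytes a client sends on a new
# connection and show how an SSLv3/TLS record parser would read them.
# The sample byte strings below are constructed, not captured from the post.

def as_v3_record_header(data: bytes):
    """Read 5 bytes as an SSLv3/TLS record header:
    content type (1), version major/minor (2), length (2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    return data[0], data[1], data[2], (data[3] << 8) | data[4]


def classify_client_hello(data: bytes) -> dict:
    ctype, major, minor, _ = as_v3_record_header(data)
    # SSLv3/TLS framing: handshake record (0x16) with major version 3.
    if ctype == 0x16 and major == 3:
        return {"framing": "sslv3/tls record",
                "offered_version": (major, minor),
                "v3_record_parser_accepts": True}
    # SSLv2 framing: high bit set on a 2-byte length, then message type 1
    # (CLIENT-HELLO), then the highest version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        return {"framing": "sslv2-compatible hello",
                "offered_version": (data[3], data[4]),
                "v3_record_parser_accepts": False}
    return {"framing": "unknown", "offered_version": None,
            "v3_record_parser_accepts": False}


# Constructed samples: the first five bytes of three possible client hellos.
SAMPLES = {
    "v2-compatible hello offering SSLv3": bytes.fromhex("802e010300"),
    "SSLv3 record": bytes.fromhex("1603000045"),
    "TLSv1 record": bytes.fromhex("1603010045"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        info = classify_client_hello(raw)
        ctype, major, minor, _ = as_v3_record_header(raw)
        print(f"{name}: {info['framing']}, offers {info['offered_version']}; "
              f"as v3 header: type=0x{ctype:02x} version={major}.{minor}")
```

For the first sample, the byte a record parser takes as the major version is really part of the SSLv2 length field, so the value is not 3 even though the hello itself offers version 3.0.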