[prev in list] [next in list] [prev in thread] [next in thread]
List: stunnel-users
Subject: [stunnel-users] =?iso-8859-1?q?R=E9f=2E_=3A__Re=3A__need_help_err?=
From: laurent.uk () bnpparibas ! com
Date: 2011-05-03 15:48:11
Message-ID: OFEAFDFAAF.9779B8F2-ONC1257885.00568C3E-C1257885.0056CF37 () bnpparibas ! com
[Download RAW message or body]
Message en plusieurs parties au format MIME
Message en plusieurs parties au format MIME
--=_alternative 0056CF34C1257885_Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
Dear Jose,
here is the configuration file of my stunnel :
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular
configuration
; Please make sure you understand them (especially the effect of chroot
jail)
; Certificate/key is needed in server mode and optional in client mode
cert = /opt/freeware/etc/stunnel/ca_nopass.pem
foreground = yes
syslog = yes
; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv2
sslVersion = all
;ciphers = DES-CBC-SHA
;ciphers = DES-CBC3-SHA:IDEA-CBC-MD5
; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /usr/local/stunnel/var/lib/stunnel
;chroot = /tmp/
;setuid = root
;setgid = other
; PID is created inside chroot jail
pid = /var/adm/stunnel_server_level1.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
;options = Options_SSL
; Authentication stuff
verify = 3
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
CApath = /opt/freeware/etc/stunnel/CA_files/
; It's often easier to use CAfile
;CAfile = /opt/freeware/etc/stunnel/ca.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
debug = 7
; Use it for client mode
client = no
; Service-level configuration
[pesitip]
accept = 10443
connect = XXXXXXX:10016
Thanks for your help.
Regards.
Laurent UK
Internet
josealf@rocketmail.com
03/05/2011 14:52
Veuillez répondre à
josealf@rocketmail.com
Pour
Laurent UK, stunnel-users-bounces@stunnel.org, stunnel-users@stunnel.org
cc
Objet
Re: [stunnel-users] need help error :SSL3_GET_RECORD:wrong versionnumber
with cipher DES-CBC-SHA
Laurent,
Can you post your configuration? For security, You should change the real
IPs (but not the ports) before posting.
You can check:
1. Does your stunnel client config has client=yes?
2. Does your stunnel server config has client=no
3. Check your packet flow, that is: your accept/connect settings.
Regards
Jose
-----Original Message-----
From: laurent.uk@bnpparibas.com
Sender: stunnel-users-bounces@stunnel.org
Date: Tue, 3 May 2011 14:16:09
To: <stunnel-users@stunnel.org>
Subject: [stunnel-users] need help error :SSL3_GET_RECORD:wrong version
number with cipher DES-CBC-SHA
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
This message and any attachments (the "message") is
intended solely for the addressees and is confidential.
If you receive this message in error, please delete it and
immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole
or partial, is prohibited except formal approval. The internet
can not guarantee the integrity of this message.
BNP PARIBAS (and its subsidiaries) shall (will) not
therefore be liable for the message if modified.
Do not print this message unless it is necessary,
consider the environment.
---------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le
"message") sont etablis a l'intention exclusive de ses
destinataires et sont confidentiels. Si vous recevez ce
message par erreur, merci de le detruire et d'en avertir
immediatement l'expediteur. Toute utilisation de ce
message non conforme a sa destination, toute diffusion
ou toute publication, totale ou partielle, est interdite, sauf
autorisation expresse. L'internet ne permettant pas
d'assurer l'integrite de ce message, BNP PARIBAS (et ses
filiales) decline(nt) toute responsabilite au titre de ce
message, dans l'hypothese ou il aurait ete modifie.
N'imprimez ce message que si necessaire,
pensez a l'environnement.
--=_alternative 0056CF34C1257885_Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="iso-8859-1"
<br><font size=2 face="sans-serif">Dear Jose,</font>
<br>
<br><font size=2 face="sans-serif">here is the configuration file of my
stunnel :</font>
<br>
<table border width=100%>
<tr valign=top>
<td width=100%><font size=2 face="sans-serif">; Sample stunnel configuration
file by Michal Trojnara 2002-2006</font>
<br><font size=2 face="sans-serif">; Some options used here may not be
adequate for your particular configuration</font>
<br><font size=2 face="sans-serif">; Please make sure you understand them
(especially the effect of chroot jail)</font>
<br>
<br><font size=2 face="sans-serif">; Certificate/key is needed in server
mode and optional in client mode</font>
<br><font size=2 face="sans-serif">cert = /opt/freeware/etc/stunnel/ca_nopass.pem</font>
<br><font size=2 face="sans-serif">foreground = yes</font>
<br><font size=2 face="sans-serif">syslog = yes</font>
<br><font size=2 face="sans-serif">; Protocol version (all, SSLv2, SSLv3,
TLSv1)</font>
<br><font size=2 face="sans-serif">;sslVersion = SSLv2</font>
<br><font size=2 face="sans-serif">sslVersion = all</font>
<br><font size=2 face="sans-serif">;ciphers = DES-CBC-SHA</font>
<br><font size=2 face="sans-serif">;ciphers = DES-CBC3-SHA:IDEA-CBC-MD5</font>
<br><font size=2 face="sans-serif">; Some security enhancements for UNIX
systems - comment them out on Win32</font>
<br><font size=2 face="sans-serif">;chroot = /usr/local/stunnel/var/lib/stunnel</font>
<br><font size=2 face="sans-serif">;chroot = /tmp/</font>
<br><font size=2 face="sans-serif">;setuid = root</font>
<br><font size=2 face="sans-serif">;setgid = other</font>
<br><font size=2 face="sans-serif">; PID is created inside chroot jail</font>
<br><font size=2 face="sans-serif">pid = /var/adm/stunnel_server_level1.pid</font>
<br>
<br><font size=2 face="sans-serif">; Some performance tunings</font>
<br><font size=2 face="sans-serif">socket = l:TCP_NODELAY=1</font>
<br><font size=2 face="sans-serif">socket = r:TCP_NODELAY=1</font>
<br><font size=2 face="sans-serif">;compression = rle</font>
<br>
<br><font size=2 face="sans-serif">; Workaround for Eudora bug</font>
<br><font size=2 face="sans-serif">;options = DONT_INSERT_EMPTY_FRAGMENTS</font>
<br><font size=2 face="sans-serif">;options = Options_SSL</font>
<br><font size=2 face="sans-serif">; Authentication stuff</font>
<br><font size=2 face="sans-serif">verify = 3</font>
<br><font size=2 face="sans-serif">; Don't forget to c_rehash CApath</font>
<br><font size=2 face="sans-serif">; CApath is located inside chroot jail</font>
<br><font size=2 face="sans-serif">CApath = /opt/freeware/etc/stunnel/CA_files/</font>
<br><font size=2 face="sans-serif">; It's often easier to use CAfile</font>
<br><font size=2 face="sans-serif">;CAfile = /opt/freeware/etc/stunnel/ca.pem</font>
<br><font size=2 face="sans-serif">; Don't forget to c_rehash CRLpath</font>
<br><font size=2 face="sans-serif">; CRLpath is located inside chroot jail</font>
<br><font size=2 face="sans-serif">;CRLpath = /crls</font>
<br><font size=2 face="sans-serif">; Alternatively you can use CRLfile</font>
<br><font size=2 face="sans-serif">;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem</font>
<br>
<br><font size=2 face="sans-serif">; Some debugging stuff useful for troubleshooting</font>
<br><font size=2 face="sans-serif">debug = 7</font>
<br>
<br><font size=2 face="sans-serif">; Use it for client mode</font>
<br><font size=2 face="sans-serif">client = no</font>
<br><font size=2 face="sans-serif">; Service-level configuration</font>
<br>
<br><font size=2 face="sans-serif">[pesitip]</font>
<br><font size=2 face="sans-serif">accept = 10443</font>
<br><font size=2 face="sans-serif">connect = XXXXXXX:10016</font></table>
<br>
<br><font size=2 face="sans-serif">Thanks for your help.</font>
<br>
<br><font size=2 face="sans-serif">Regards.<br>
<br>
Laurent UK<br>
<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=39%><font size=4 face="helv"><b>Internet </b></font>
<br><font size=1 face="sans-serif"><b>josealf@rocketmail.com</b></font>
<p><font size=1 face="sans-serif">03/05/2011 14:52</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Veuillez répondre à<br>
josealf@rocketmail.com</font></div></table>
<br>
<td width=60%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Pour</font></div>
<td><font size=1 face="sans-serif">Laurent UK, stunnel-users-bounces@stunnel.org,
stunnel-users@stunnel.org</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Objet</font></div>
<td><font size=1 face="sans-serif">Re: [stunnel-users] need help error
:SSL3_GET_RECORD:wrong versionnumber with cipher DES-CBC-SHA</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>Laurent,<br>
<br>
Can you post your configuration? For security, You should change the real
IPs (but not the ports) before posting.<br>
<br>
You can check:<br>
<br>
1. Does your stunnel client config has client=yes?<br>
2. Does your stunnel server config has client=no<br>
3. Check your packet flow, that is: your accept/connect settings.<br>
<br>
Regards<br>
Jose<br>
-----Original Message-----<br>
From: laurent.uk@bnpparibas.com<br>
Sender: stunnel-users-bounces@stunnel.org<br>
Date: Tue, 3 May 2011 14:16:09 <br>
To: <stunnel-users@stunnel.org><br>
Subject: [stunnel-users] need help error :SSL3_GET_RECORD:wrong version<br>
number with cipher DES-CBC-SHA<br>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
stunnel-users@stunnel.org<br>
http://stunnel.mirt.net/mailman/listinfo/stunnel-users<br>
<br>
<br>
<br>
</tt></font>
<br><font face="monospace"><br>
<br>
<br>
<br>
This message and any attachments (the "message") is<br>
intended solely for the addressees and is confidential. <br>
If you receive this message in error, please delete it and <br>
immediately notify the sender. Any use not in accord with <br>
its purpose, any dissemination or disclosure, either whole <br>
or partial, is prohibited except formal approval. The internet<br>
can not guarantee the integrity of this message. <br>
BNP PARIBAS (and its subsidiaries) shall (will) not <br>
therefore be liable for the message if modified. <br>
Do not print this message unless it is necessary,<br>
consider the environment.<br>
<br>
---------------------------------------------<br>
<br>
Ce message et toutes les pieces jointes (ci-apres le <br>
"message") sont etablis a l'intention exclusive de ses <br>
destinataires et sont confidentiels. Si vous recevez ce <br>
message par erreur, merci de le detruire et d'en avertir <br>
immediatement l'expediteur. Toute utilisation de ce <br>
message non conforme a sa destination, toute diffusion <br>
ou toute publication, totale ou partielle, est interdite, sauf <br>
autorisation expresse. L'internet ne permettant pas <br>
d'assurer l'integrite de ce message, BNP PARIBAS (et ses<br>
filiales) decline(nt) toute responsabilite au titre de ce <br>
message, dans l'hypothese ou il aurait ete modifie.<br>
N'imprimez ce message que si necessaire,<br>
pensez a l'environnement.</font>
--=_alternative 0056CF34C1257885_=--
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic