List: stunnel-users
Subject: [stunnel-users] Re: ssl3 wrong version number
From: d3rIIIe15ter Tier <trashrap22 () gmail ! com>
Date: 2023-05-18 15:06:50
Message-ID: CAMQHpSjV1z5OHNUc6rb=n2jB+5-dMcsJg9s0Db0nbEvVPvx2hw () mail ! gmail ! com
A possible solution to the below question that I asked was to create a
64B/512b PSK and share that with the server -- then the next issue
surfaced when trying to connect: TLS - Close Notify (I believe from the
server's side)

Also I changed to:
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.2

And if it was not before:
client = yes
On Fri, May 12, 2023 at 8:32 AM <trashrap22@gmail.com> wrote:
> I get the following error running 'sudo service stunnel4 status' :
>
> LOG3[0]: SSL_accept: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
> routines:ssl3_get_record:wrong version number
>
> is that merely a mismatch between openSSL versions used by client and
> server?
>
> I have tried changing the config file options, also with no specification
> since the default according to stunnel.org is:
>
> options = NO_SSLv2
> options = NO_SSLv3
>
> I have tried (service level option):
> sslVersion = TLSv1
>
> Same error. When running sudo service stunnel4 status after start:
>
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Threading:PTHREAD
> Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
> May 12 08:22:45 user-Linux stunnel4[16616]: Starting TLS tunnels:
> /etc/stunnel/stunnel.conf: started
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Reading
> configuration from file /etc/stunnel/stunnel.conf
> May 12 08:22:45 user-Linux systemd[1]: Started LSB: Start or stop
> stunnel 4.x (TLS tunnel for network daemons).
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: UTF-8 byte order
> mark not detected
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: FIPS mode disabled
> May 12 08:22:45 user-Linux stunnel[16630]: LOG4[ui]: Insecure file
> permissions on /var/lib/stunnel4/psk.txt
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Configuration
> successful
> May 12 08:22:45 user-Linux stunnel[16630]: LOG5[ui]: Switched to
> chroot directory: /var/lib/stunnel4/
> May 12 08:22:45 user-Linux stunnel[16632]: LOG5[cron]: Updating DH
> parameters
>
> After trying to make a connection via FIX connection:
>
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service
> [**redacted**] started
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Setting local
> socket options (FD=3)
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Option TCP_NODELAY
> set on local socket
> May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Service
> [**redacted**] accepted connection from 127.0.0.1:51954
> May 12 08:28:04 user-Linux stunnel[16798]: LOG6[0]: Peer certificate
> not required
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: TLS state
> (accept): before SSL initialization
> May 12 08:28:04 user-Linux stunnel[16798]: LOG3[0]: SSL_accept:
> ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
> routines:ssl3_get_record:wrong version number
> May 12 08:28:04 user-Linux stunnel[16798]: LOG5[0]: Connection reset:
> 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Local descriptor
> (FD=3) closed
> May 12 08:28:04 user-Linux stunnel[16798]: LOG7[0]: Service
> [**redacted**] finished (0 left)
> _______________________________________________
> stunnel-users mailing list -- stunnel-users@stunnel.org
> To unsubscribe send an email to stunnel-users-leave@stunnel.org
>
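
The log above shows stunnel calling SSL_accept on a connection from 127.0.0.1, that is, expecting a TLS handshake from the local application; a cleartext FIX logon arriving there does not parse as a TLS record, which is consistent with the `client = yes` change in the reply. The sketch below is an added example, not part of the original thread and not OpenSSL's code: it decodes the 5-byte TLS record header (RFC 5246) from the first bytes of a connection, and the function name and both sample byte strings are constructed for illustration.

```python
import struct

# TLS record header (RFC 5246, 6.2.1): type(1) | version major(1) minor(1) | length(2)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 16384 + 2048  # upper bound for a TLS 1.2 ciphertext record


def classify_first_bytes(data: bytes) -> dict:
    """Interpret the first bytes a TLS endpoint receives on an accepted socket."""
    if len(data) < 5:
        return {"verdict": "short", "detail": "no complete record header"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {"type": ctype, "version": (major, minor), "length": length}
    if (major == 3 and minor <= 4 and ctype in CONTENT_TYPES
            and length <= MAX_RECORD_LEN):
        result["verdict"] = "tls"
        result["detail"] = f"{CONTENT_TYPES[ctype]} record, version 3.{minor}"
    elif data.startswith(b"8=FIX"):
        # A FIX message starts with BeginString "8=FIX..."; the bytes that
        # would be the TLS version are '=' and 'F'.
        result["verdict"] = "plaintext-fix"
        result["detail"] = "version field reads 0x%02x%02x" % (major, minor)
    else:
        result["verdict"] = "not-tls"
        result["detail"] = "version field reads 0x%02x%02x, not 0x03xx" % (major, minor)
    return result


# Constructed samples, not captured from the poster's system.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8") + b"\x01\x00\x00\xc4\x03\x03"
SAMPLE_FIX_LOGON = b"8=FIX.4.4\x019=70\x0135=A\x0149=CLIENT\x0156=SERVER\x01"

if __name__ == "__main__":
    for name, blob in [("ClientHello", SAMPLE_CLIENT_HELLO),
                       ("FIX logon", SAMPLE_FIX_LOGON)]:
        print(name, classify_first_bytes(blob))
```

Running it against the first bytes seen on the accepting port (for example from a packet capture on loopback) separates "the peer is not speaking TLS at all" from a genuine protocol-version negotiation problem, which `sslVersionMin`/`sslVersionMax` would address.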