stunnel error: sslv3 alert illegal parameter
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
stunnel4 (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Binary package hint: stunnel4
I'm having trouble connecting to my stunnel server. Both the client and server are running Ubuntu stunnel4. The connection log (from the server) is as follows:
sshd accepted FD=8 from [censored]:35982
sshd started
FD 8 in non-blocking mode
TCP_NODELAY option set on local socket
FD 9 in non-blocking mode
FD 10 in non-blocking mode
Cleaning up the signal pipe
Connection from [censored]:35982 permitted by libwrap
sshd accepted connection from [censored]:35982
Child process 10251 finished with code 0
SSL state (accept): before/accept initialization
SSL state (accept): SSLv3 read client hello A
SSL state (accept): SSLv3 write server hello A
SSL state (accept): SSLv3 write certificate A
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL alert (read): fatal: illegal parameter
SSL_accept: 14094417: error:14094417:SSL routines:
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
sshd finished (0 left)
And from the client:
Snagged 64 random bytes from /path/to/.rnd
Wrote 1024 new random bytes to /path/to/.rnd
RAND_status claims sufficient entropy for the PRNG
PRNG seeded successfully
Certificate: /path/to/
Certificate loaded
Key file: /path/to/
Private key loaded
Loaded verify certificates from /path/to/
Loaded /path/to/
SSL context initialized for service stunnel
ssh_exchange_
Again, both server and client have the latest Ubuntu stunnel4 package installed:
>$cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
>$ /usr/sbin/stunnel -version
stunnel 4.20 on i486-pc-linux-gnu with OpenSSL 0.9.8e 23 Feb 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/
ciphers = ALL:!ADH:
key = /etc/stunnel/
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
>$ apt-cache policy stunnel4
stunnel4:
Installed: 3:4.20-2ubuntu1
Candidate: 3:4.20-2ubuntu1
Version table:
*** 3:4.20-2ubuntu1 0
500 http://
100 /var/lib/
I am able to connect to the server using other (non-Ubuntu) stunnel clients. I have a feeling this problem is OpenSSL related as those clients did not run the same OpenSSL version (unfortunately, I don't have "good" version numbers).
Because I haven't gotten any comments on this, I'm wondering whether or not I posted in the right place and reported it in the correct fashion? ANY correspondence would be appreciated.
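Added example (not part of the original report, and not stunnel or OpenSSL code): a small triage helper that reads the server-side log lines above, records the last handshake state before the alert, and unpacks the numeric code 14094417 using the pre-3.0 OpenSSL layout (8-bit library, 12-bit function, 12-bit reason), where SSL-library reasons above 1000 are alerts received from the peer. The function names and the abbreviated alert table are illustrative.

```python
import re

# Pre-3.0 OpenSSL packs an error as 8-bit library, 12-bit function, 12-bit reason.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are alerts received from the peer
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
          47: "illegal_parameter", 48: "unknown_ca"}  # abbreviated table

STATE_RE = re.compile(r"SSL state \((accept|connect)\): (.+)")
ALERT_RE = re.compile(r"SSL alert \((read|write)\): (\w+): (.+)")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_error(code_hex):
    """Split a legacy OpenSSL error code into its packed fields."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = ALERTS.get(number, "alert %d" % number)
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}


def triage(log_text):
    """Return the last handshake state before the first alert, plus the decoded error."""
    out = {"last_state": None, "alert": None, "error": None}
    for line in log_text.splitlines():
        state, alert, err = STATE_RE.search(line), ALERT_RE.search(line), ERROR_RE.search(line)
        if state and out["alert"] is None:
            out["last_state"] = state.group(2)
        if alert and out["alert"] is None:
            # "read" means the alert was received from the peer, "write" that we sent it.
            sender = "peer" if alert.group(1) == "read" else "local"
            out["alert"] = (sender, alert.group(2), alert.group(3))
        if err and out["error"] is None:
            out["error"] = decode_error(err.group(1))
    return out


# Lines copied from the server log in the report above.
SERVER_LOG = """\
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL alert (read): fatal: illegal parameter
SSL_accept: 14094417: error:14094417:SSL routines:
"""

if __name__ == "__main__":
    print(triage(SERVER_LOG))
```

On this log the helper reports that the fatal alert was sent by the client after the server had flushed its hello, certificate and certificate request, and that reason 1047 is alert 47, illegal_parameter, matching the text of the alert line.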