control: tag -1 + confirmed On Thu, Jan 05, 2017 at 07:47:05PM +0100, Gilles Filippini wrote: > Package: stunnel4 > Version: 3:5.38-1 > Severity: important > > Hi, > > I use stunnel4 to tunnel SSH over SSL, and I experience daily failures > triggered by shadowserver.org port scanning [1][2]. Here is the pattern from > journalctl: > > janv. 04 14:53:55 maison stunnel[13384]: LOG5[6]: Service [ssh] accepted > connection from 216.218.206.66:17748 > janv. 04 14:53:56 maison stunnel[13384]: LOG3[6]: SSL_accept: 1417D18C: > error:1417D18C:SSL routines:tls_process_client_hello:version too low > janv. 04 14:53:56 maison stunnel[13384]: LOG5[6]: Connection reset: 0 byte(s) > sent to SSL, 0 byte(s) sent to socket > janv. 04 14:54:51 maison stunnel[13384]: LOG5[7]: Service [ssh] accepted > connection from 216.218.206.66:6922 > janv. 04 14:54:51 maison stunnel[13384]: LOG3[7]: SSL_accept: 1417A0C1: > error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > janv. 04 14:54:51 maison stunnel[13384]: LOG5[7]: Connection reset: 0 byte(s) > sent to SSL, 0 byte(s) sent to socket > janv. 04 14:54:51 maison kernel: traps: stunnel4[12705] trap stack segment > ip:7f310cea5c4a sp:7f310d65bb20 error:0 in libcrypto.so.1.1[7f310cdff000+26 [snip] > After each of these failures stunnel isn't running anymore and systemd > doesn't know it has to restart it, because 'systemctl status' says: 'active > (exited)'. But this one is related to #826883.
Yeah, I'll come back to the systemd service file issue later this week. Okay, I was able to reproduce the problem, I'm looking into it now. Thanks for filing this bug report! G'luck, Peter -- Peter Pentchev [email protected] [email protected] [email protected] PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
