Public bug reported:

Binary package hint: stunnel4

I'm having trouble connecting to my stunnel server. Both the client and
server are running Ubuntu stunnel4. The connection log (from the server)
is as follows:

sshd accepted FD=8 from [censored]:35982
sshd started
FD 8 in non-blocking mode
TCP_NODELAY option set on local socket
FD 9 in non-blocking mode
FD 10 in non-blocking mode
Cleaning up the signal pipe
Connection from [censored]:35982 permitted by libwrap
sshd accepted connection from [censored]:35982
Child process 10251 finished with code 0
SSL state (accept): before/accept initialization
SSL state (accept): SSLv3 read client hello A
SSL state (accept): SSLv3 write server hello A
SSL state (accept): SSLv3 write certificate A
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL alert (read): fatal: illegal parameter
SSL_accept: 14094417: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
sshd finished (0 left)

And from the client:

Snagged 64 random bytes from /path/to/.rnd
Wrote 1024 new random bytes to /path/to/.rnd
RAND_status claims sufficient entropy for the PRNG
PRNG seeded successfully
Certificate: /path/to/.stunnel/certificates/host.crt
Certificate loaded
Key file: /path/to/.stunnel/keys/host.key
Private key loaded
Loaded verify certificates from /path/to/.stunnel/certificates/cert.crt
Loaded /path/to/.stunnel/certificates/cert.crt revocation lookup file
SSL context initialized for service stunnel
ssh_exchange_identification: Connection closed by remote host

Again, both server and client have the latest Ubuntu stunnel4 package
installed:

>$cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu 7.10"
>$ /usr/sbin/stunnel -version
stunnel 4.20 on i486-pc-linux-gnu with OpenSSL 0.9.8e 23 Feb 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
>$ apt-cache policy stunnel4
stunnel4:
  Installed: 3:4.20-2ubuntu1
  Candidate: 3:4.20-2ubuntu1
  Version table:
 *** 3:4.20-2ubuntu1 0
        500 http://us.archive.ubuntu.com gutsy/universe Packages
        100 /var/lib/dpkg/status

I am able to connect to the server using other (non-Ubuntu) stunnel
clients. I have a feeling this problem is OpenSSL related as those
clients did not run the same OpenSSL version (unfortunately, I don't
have "good" version numbers).

** Affects: stunnel4 (Ubuntu)
     Importance: Undecided
         Status: New

--
stunnel error: sslv3 alert illegal parameter
https://bugs.launchpad.net/bugs/201840