-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Dec 18, 2014, at 08:27, H.U.Flück <huf@inomatix.com> wrote: The error thrown is something like: Dec 17 17:30:23 srvabas stunnel: LOG3[3385:140171595282368]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
What are we missing? Do we need to change the configuration?
I downloaded the source packages to identify the exact change they made. The only difference between the previous and the updated version is that the new one configures stunnel with: configure --enable-fips --enable-ipv6 \ CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'" rather than: configure --disable-fips --enable-ipv6 \ CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'" The update doesn't change anything in the source code of stunnel. In stunnel 4.x FIPS mode is enabled by default. You may disable it with "fips = no". In order to get your configuration working without disabling FIPS mode you may also try "sslVersion = TLSv1". Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlSXEOoACgkQ/NU+nXTHMtFBIgCaAth7QWGcFm4kaCNtqW70mQcC RKEAoN8i3Eb+bf9Qy0zWiITVX2hGYY/z =5kyW -----END PGP SIGNATURE-----