ssl3_get_record:wrong version number

Hello,

what I'm trying to accomplish is to build a secure RDP Connection between my Laptop and a Server, which are in the same Network but as RDP in itself is not secure enough I need the stunnel encryption.

As of now I can establish a connection but as soon as I try to start an RDP Connection I get the following message:

SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I tried several things, for example:

sslVersion = all
options = NO_SSLv2

Sadly this doesn't work either as I get a different error after that.

This is pretty much the config for both Server and Client.

; R.B. configuration HMailServer Inv. No. 4522 RDP access with stunnel encryption
[RDP-SSL]
CAfile = certs.pem
accept = 9000
connect = 3389
;verify = 4
verifyPeer = yes
verifyChain = no
sslVersion = all
cert = stunnel.pem

I exchanged the certificates between the Server and the Laptop but can't establish a connection to get a RDP Session going.

Hope someone can help me.

Kind regards.
F.Moellers

With kind regards
IT Department
Jugendhilfe Köln e.V.
Christianstr. 82
50825 Köln
Tel. (0221) 54600-177
it@jugendhilfe-koeln.de
http://www.jugendhilfe-koeln.de
Managing Director: Almut Gross - Amtsgericht Köln VR 7348
Chair of the Board: Dr. Agnes Klein

On Mon, Jan 07, 2019 at 02:53:24PM +0100, Moellers wrote:
> Hello,
> what I'm trying to accomplish is to build a secure RDP Connection between my Laptop and a Server, which are in the same Network but as RDP in itself is not secure enough I need the stunnel encryption.

So let's make sure that we are on the same page here. RDP is an unencrypted protocol (though it does have some TLS extensions, so maybe stunnel is not needed at all if your client can negotiate that, although I've had some problems with xfreerdp in that regard), so in order to connect from your laptop to an RDP server you will need two stunnel instances:

- one in your laptop running in client mode ("client = yes"), accepting unencrypted connections on, say, port 3389, and connecting to the other stunnel instance
- one on the RDP server running in server mode (no "client = yes" line), accepting connections on the same port the other stunnel instance is configured to connect to and connecting to port 3389 of its local server

Is this how you have them configured? Pay particular attention to the "client = yes/no" setting and the port numbers for each stunnel instance.

Once you have that, you should be able to establish an unencrypted connection to the stunnel instance running on your laptop and listening on port 3389, then it should establish an encrypted connection to the other stunnel instance, then the latter should establish an unencrypted connection to the actual RDP server.

> As of now I can establish a connection but as soon as I try to start an RDP Connection I get the following message:
> SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

This may sometimes indicate stunnel trying to establish an encrypted connection or to listen for an encrypted connection, and somebody else sending unencrypted data to it. Can you double-check your configuration as per my notes above?

Hope that helps at least a bit!

G'luck,
Peter

--
Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
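
Added example (not part of the original thread, and not stunnel's own code): a Python reproduction of the situation described in the reply above, where unencrypted RDP bytes reach an endpoint that expects TLS. The RDP packet is a constructed sample and the host name "rdp.example" is made up; the TLS endpoint is Python's ssl module (OpenSSL) with in-memory buffers, so nothing touches the network.

```python
import ssl

# Constructed sample: the first packet an RDP client sends in the clear
# (TPKT header 03 00 00 13, then an X.224 Connection Request).
RDP_FIRST_PACKET = bytes.fromhex("03000013" "0ee00000000000" "0100080003000000")


def record_header(first_bytes):
    """Read the bytes the way a TLS record parser does: (content type, version)."""
    return first_bytes[0], int.from_bytes(first_bytes[1:3], "big")


def client_hello():
    """Return the first flight (ClientHello) a real TLS client would send."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing, server_hostname="rdp.example")  # made-up name
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the server's reply
    return outgoing.read()


def handshake_result(first_bytes):
    """Hand first_bytes to a TLS server endpoint and return OpenSSL's error reason."""
    # No certificate is loaded: the record-layer check runs before one is needed.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(first_bytes)
    try:
        server.do_handshake()
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        return None  # valid so far, waiting for more data
    except ssl.SSLError as exc:
        return exc.reason
    return "OK"


if __name__ == "__main__":
    for name, data in (("plaintext RDP", RDP_FIRST_PACKET), ("TLS ClientHello", client_hello())):
        ctype, version = record_header(data)
        print(f"{name}: type={ctype} version=0x{version:04x} -> {handshake_result(data)}")
```

The plaintext packet is rejected at the record layer because the two bytes read as the TLS version are 00 00. The ClientHello gets past that check and only fails later because this test endpoint has no certificate.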