Re: stunnel
On Thu, Apr 08, 1999 at 10:34:52AM -0400, Tim Pass the Prozac Sailer wrote:
> rsmb00:/usr/lib/ssl/bin# ./s_client -ssl3 -connect rsmb00:901
> CONNECTED(00000003)
>
> [machine identifying stuff removed]
>
> 9194:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:789:SSL alert number 40
> 9194:error:1409E0E1:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:461:
> rsmb00:/usr/lib/ssl/bin#
If you specify the cipher it works: I used s_client -cipher EXP-RC4-MD5 ...
Maybe it's a bug in s_client (it's a really basic client).
> Is there anyway to get it to talk ssl3? If I use a browser to attach to the
> port, I get this:
>
> Apr 8 10:36:21 rsmb00 stunnel[9197]: /usr/sbin/swat connected from 1xx.1xx.xxx.xxx:3280
> Apr 8 10:36:21 rsmb00 stunnel[9197]: SSL_accept: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:http request
I don't use swat, but stunnelling apache works here:
stunnel[5019]: SSLv3 opened for /usr/sbin/apache, cipher EXP-RC4-MD5 (128 bit)
stunnel[5019]: Connection closed: 310 bytes in, 17455 bytes out
and in /etc/inetd.conf:
https stream tcp nowait root /usr/sbin/stunnel /usr/sbin/apache -f /etc/apache/https.conf
lupus (using stunnel version 2.1-2)
--
-----------------------------------------------------------------
lupus@debian.org debian/rules
Reply to:
- References:
- stunnel
- From: "Tim \(Pass the Prozac\) Sailer" <sailer@sailer.rhic.bnl.gov>