I am having problems connecting to stunnel and was hoping someone
could help me.

I am trying to getting SSL "wrong version number" errors when I try
to send mail through an SSL proxy called Stunnel to my mail server.

Can anyone tell me what this SSL error means and how I can fix it?

When starting stunnel and then trying to send an SSL-encrypted email
through it I get:

$ sudo /usr/local/sbin/stunnel /sw/etc/stunnel/stunnel.conf -D 465 -r 25
2006.10.04 11:03:28 LOG7[29230:2684415368]: Snagged 64 random bytes
from /Users/jlbrown/.rnd
2006.10.04 11:03:28 LOG7[29230:2684415368]: Wrote 1024 new random
bytes to /Users/jlbrown/.rnd
2006.10.04 11:03:28 LOG7[29230:2684415368]: RAND_status claims
sufficient entropy for the PRNG
2006.10.04 11:03:28 LOG7[29230:2684415368]: PRNG seeded successfully
2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate: /Users/
jlbrown/%1.pem
2006.10.04 11:03:28 LOG7[29230:2684415368]: Certificate loaded
2006.10.04 11:03:28 LOG7[29230:2684415368]: Key file: /Users/jlbrown/%
1.pem
2006.10.04 11:03:28 LOG7[29230:2684415368]: Private key loaded
2006.10.04 11:03:28 LOG7[29230:2684415368]: SSL context initialized
for service ssmtp
2006.10.04 11:03:28 LOG5[29230:2684415368]: stunnel 4.18 on powerpc-
apple-darwin8.8.0 with OpenSSL 0.9.7i 14 Oct 2005
2006.10.04 11:03:28 LOG5[29230:2684415368]: Threading:PTHREAD
SSL:ENGINE Sockets:SELECT,IPv4 Auth:LIBWRAP
2006.10.04 11:03:28 LOG6[29230:2684415368]: file ulimit = 256 (can be
changed with 'ulimit -n')
2006.10.04 11:03:28 LOG6[29230:2684415368]: FD_SETSIZE = 1024 (some
systems allow to increase this value)
2006.10.04 11:03:28 LOG5[29230:2684415368]: 125 clients allowed
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 6 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 7 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: FD 8 in non-blocking mode
2006.10.04 11:03:28 LOG7[29230:2684415368]: SO_REUSEADDR option set
on accept socket
2006.10.04 11:03:28 LOG7[29230:2684415368]: ssmtp bound to 0.0.0.0:465
James-Browns-Computer-2:~/stunnel-4.18 jlbrown$ 2006.10.04 11:03:28
LOG7[29231:2684415368]: Created pid file /usr/local/var/run/stunnel/
stunnel.pid
2006.10.04 11:08:08 LOG7[29231:2684415368]: ssmtp accepted FD=9 from
127.0.0.1:64235
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp started
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 9 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set on
local socket
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 11 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: Connection from
127.0.0.1:64235 permitted by libwrap
2006.10.04 11:08:08 LOG5[29231:25188864]: ssmtp connected from
127.0.0.1:64235
2006.10.04 11:08:08 LOG7[29231:2684415368]: Cleaning up the signal pipe
2006.10.04 11:08:08 LOG7[29231:25188864]: FD 10 in non-blocking mode
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp connecting 127.0.0.1:25
2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: waiting 10
seconds
2006.10.04 11:08:08 LOG6[29231:2684415368]: Child process 29421
finished with code 0
2006.10.04 11:08:08 LOG7[29231:25188864]: connect_wait: connected
2006.10.04 11:08:08 LOG7[29231:25188864]: Remote FD=10 initialized
2006.10.04 11:08:08 LOG7[29231:25188864]: TCP_NODELAY option set on
remote socket
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): before/
connect initialization
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL state (connect): SSLv3
write client hello A
2006.10.04 11:08:08 LOG7[29231:25188864]: SSL alert (write): fatal:
handshake failure
2006.10.04 11:08:08 LOG3[29231:25188864]: SSL_connect: 1408F10B:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.04 11:08:08 LOG5[29231:25188864]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2006.10.04 11:08:08 LOG7[29231:25188864]: ssmtp finished (0 left)

Any suggestions as to what is causing this and how I can fix it?

I got the same thing on another machine, with stunnel 4.04 and
OpenSSL 0.9.7d.

My stunnel.conf file is:

cert = /Users/jlbrown/%1.pem
key = /Users/jlbrown/%1.pem
debug=7
output=/dev/stdout
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Service-level configuration
[ssmtp]
client = yes
accept = 465
connect = 192.168.1.31:25

Any help would be much appreciated.

Thanks,

James.



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org