I am trying to connect to a customer from my CentOS 7 server. The customer is running Stunnel server, and I am the client.

I cannot establish a handshake and am getting the following error message in /var/log/messages, getting a Handshake Failure:

Jan 27 12:49:24 qbtch2 stunnel: LOG6: SNI: sending servername: 123.111.172.34
Jan 27 12:49:24 qbtch2 stunnel: LOG6: Peer certificate not required
Jan 27 12:49:24 qbtch2 stunnel: LOG3: SSL_connect: s23_clnt.c:769: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Jan 27 12:49:24 qbtch2 stunnel: LOG5: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

My openssl versions:

/e/stunnel# rpm -qa | grep openssl

My Stunnel version:

/e/stunnel# rpm -qa | grep stunnel

My stunnel config looks like this. I'm using the customer's Key and Cert to connect (client mode):

/e/stunnel# cat nf
Cert = /etc/stunnel/certs/customerABC/uat/cert.pem
Key = /etc/stunnel/certs/customerABC/uat/key.pem
CAfile = /etc/stunnel/certs/customerABC/uat/CACerts.pem

I can connect to the customer using openssl s_connect and get a handshake:

/e/stunnel# openssl s_client -connect 123.111.172.34:8228 -cert certs/customerABC/uat/cert.pem -key certs/customerABC/uat/key.pem -tls1_2

I get this in return:

/e/stunnel# openssl s_client -connect 112.13.172.34:8228 -cert certs/CustomerABC/uat/cert.pem -key certs/CustomerABC/uat/key.pem
depth=2 C = US, ST = NEW YORK, L = NEW YORK, O = CustomerABC LP, OU = R&D, CN = System Security Root CA, emailAddress = error:num=19:self signed certificate in certificate chain
s:/C=US/ST=New York/O=CustomerABC L.P./OU=Test/CN=
I:/C=US/ST=NEW YORK/L=NEW YORK/O=CustomerABC LP/OU=Test/CN=Test Connectivity
s:/C=US/ST=NEW YORK/L=NEW YORK/O=CustomerABC LP/OU=Test/CN=Test Connectivity
I:/C=US/ST=NEW YORK/L=NEW YORK/O=CustomerABC LP/OU=R&D/CN=System Security Root
s:/C=US/ST=NEW YORK/L=NEW YORK/O=CustomerABC LP/OU=R&D/CN=System Security Root
YORK/L=NEW YORK/O=CustomerABC LP/OU=R&D/CN=System Security Root certificate