Unable to connect to stunnelled RTSP stream using VLC mediaplayer

Question

This problem has been plaguing me for quite a while. I've setup Stunnel (v5.59) on my Windows10 desktop. Certificates were generated with Certbot (beta1.15.0) for my internal network.

Stunnel configuration is as follows:

socket= l:TCP_NODELAY=1
socket= r:TCP_NODELAY=1
output= stunnel.log 
debug= 7 

[rtsp]
cert= fullchain1.pem
key= privkey1.pem
sslVersion= TLSv1.2 
options= NO_SSLv2
options= NO_SSLv3
accept= 443
connect= 192.168.30.1:7447 
TIMEOUTclose= 0

On starting Stunnel, the logs is as follows:

2021.10.08 12:24:49 LOG6[main]: Initializing inetd mode configuration
2021.10.08 12:24:49 LOG7[main]: Running on Windows 6.2
2021.10.08 12:24:49 LOG7[main]: No limit detected for the number of clients
2021.10.08 12:24:49 LOG5[main]: stunnel 5.59 on x64-pc-mingw32-gnu platform
2021.10.08 12:24:49 LOG5[main]: Compiled/running with OpenSSL 1.1.1k  25 Mar 2021
2021.10.08 12:24:49 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2021.10.08 12:24:49 LOG7[main]: errno: (*_errno())
2021.10.08 12:24:49 LOG7[ui]: GUI message loop initialized
2021.10.08 12:24:49 LOG6[main]: Initializing inetd mode configuration
2021.10.08 12:24:49 LOG7[main]: Running on Windows 6.2
2021.10.08 12:24:49 LOG5[main]: Reading configuration from file stunnel.conf
2021.10.08 12:24:49 LOG5[main]: UTF-8 byte order mark detected
2021.10.08 12:24:49 LOG5[main]: FIPS mode disabled
2021.10.08 12:24:49 LOG6[main]: Compression enabled: 0 methods
2021.10.08 12:24:49 LOG7[main]: No PRNG seeding was required
2021.10.08 12:24:49 LOG6[main]: Initializing service [rtsp]
2021.10.08 12:24:49 LOG6[main]: stunnel default security level set: 2
2021.10.08 12:24:49 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2021.10.08 12:24:49 LOG7[main]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2021.10.08 12:24:49 LOG7[main]: TLS options: 0x02100004 (+0x02000000, -0x00000000)
2021.10.08 12:24:49 LOG6[main]: Loading certificate from file: fullchain1.pem
2021.10.08 12:24:49 LOG6[main]: Certificate loaded from file: fullchain1.pem
2021.10.08 12:24:49 LOG6[main]: Loading private key from file: privkey1.pem
2021.10.08 12:24:49 LOG6[main]: Private key loaded from file: privkey1.pem
2021.10.08 12:24:49 LOG7[main]: Private key check succeeded
2021.10.08 12:24:49 LOG6[main]: DH initialization skipped: no DH ciphersuites
2021.10.08 12:24:49 LOG7[main]: ECDH initialization
2021.10.08 12:24:49 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2021.10.08 12:24:49 LOG5[main]: Configuration successful
2021.10.08 12:24:49 LOG7[main]: Deallocating deployed section defaults
2021.10.08 12:24:49 LOG7[main]: Binding service [rtsp]
2021.10.08 12:24:49 LOG7[main]: Listening file descriptor created (FD=528)
2021.10.08 12:24:49 LOG7[main]: Setting accept socket options (FD=528)
2021.10.08 12:24:49 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2021.10.08 12:24:49 LOG6[main]: Service [rtsp] (FD=528) bound to 0.0.0.0:443
2021.10.08 12:24:49 LOG7[cron]: Cron thread initialized
2021.10.08 12:24:49 LOG6[cron]: Executing cron jobs
2021.10.08 12:24:49 LOG6[cron]: Cron jobs completed in 0 seconds
2021.10.08 12:24:49 LOG7[cron]: Waiting 86400 seconds

From a VLC mediaplayer on the same machine that's running Stunnel, I tried accessing the stunnelled RTSP stream.

2021.10.08 12:27:16 LOG7[main]: Found 1 ready file descriptor(s)
2021.10.08 12:27:16 LOG7[main]: FD=528 ifds=r-x ofds=r--
2021.10.08 12:27:16 LOG7[main]: FD=556 ifds=r-x ofds=---
2021.10.08 12:27:16 LOG7[main]: Service [rtsp] accepted (FD=848) from 192.168.30.178:55336
2021.10.08 12:27:16 LOG7[main]: Creating a new thread
2021.10.08 12:27:16 LOG7[main]: New thread created
2021.10.08 12:27:16 LOG7[0]: Service [rtsp] started
2021.10.08 12:27:16 LOG7[0]: Setting local socket options (FD=848)
2021.10.08 12:27:16 LOG7[0]: Option TCP_NODELAY set on local socket
2021.10.08 12:27:16 LOG5[0]: Service [rtsp] accepted connection from 192.168.30.178:55336
2021.10.08 12:27:16 LOG6[0]: Peer certificate not required
2021.10.08 12:27:16 LOG7[0]: TLS state (accept): before SSL initialization
2021.10.08 12:27:16 LOG3[0]: SSL_accept: ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2021.10.08 12:27:16 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2021.10.08 12:27:16 LOG7[0]: Local descriptor (FD=848) closed
2021.10.08 12:27:16 LOG7[0]: Service [rtsp] finished (0 left)

Can someone give me clues? I tried google-ing for "Ssl3_get_record:wrong version number". But the results aren't helpful.

I ran the following command to connect to the stunnel machine:

openssl s_client -connect <domain_of_stunnel_machine>:443 -tls1_2

Stunnel responded with logs:

2021.10.08 12:51:57 LOG7[main]: Found 1 ready file descriptor(s)
2021.10.08 12:51:57 LOG7[main]: FD=540 ifds=r-x ofds=r--
2021.10.08 12:51:57 LOG7[main]: FD=548 ifds=r-x ofds=---
2021.10.08 12:51:57 LOG7[main]: Service [rtsp] accepted (FD=868) from 192.168.30.169:53837
2021.10.08 12:51:57 LOG7[main]: Creating a new thread
2021.10.08 12:51:57 LOG7[main]: New thread created
2021.10.08 12:51:57 LOG7[0]: Service [rtsp] started
2021.10.08 12:51:57 LOG7[0]: Setting local socket options (FD=868)
2021.10.08 12:51:57 LOG7[0]: Option TCP_NODELAY set on local socket
2021.10.08 12:51:57 LOG5[0]: Service [rtsp] accepted connection from 192.168.30.169:53837
2021.10.08 12:51:57 LOG6[0]: Peer certificate not required
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): before SSL initialization
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): before SSL initialization
2021.10.08 12:51:57 LOG7[0]: Decrypt session ticket callback
2021.10.08 12:51:57 LOG7[0]: Initializing application specific data for session authenticated
2021.10.08 12:51:57 LOG7[0]: SNI: no virtual services defined
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read client hello
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write server hello
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write certificate
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write key exchange
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write server done
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write server done
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read client key exchange
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read change cipher spec
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read finished
2021.10.08 12:51:57 LOG7[0]: Generate session ticket callback
2021.10.08 12:51:57 LOG7[0]: Initializing application specific data for session authenticated
2021.10.08 12:51:57 LOG7[0]: Deallocating application specific data for session connect address
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write session ticket
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write change cipher spec
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write finished
2021.10.08 12:51:57 LOG7[0]:      1 server accept(s) requested
2021.10.08 12:51:57 LOG7[0]:      1 server accept(s) succeeded
2021.10.08 12:51:57 LOG7[0]:      0 server renegotiation(s) requested
2021.10.08 12:51:57 LOG7[0]:      0 session reuse(s)
2021.10.08 12:51:57 LOG7[0]:      0 internal session cache item(s)
2021.10.08 12:51:57 LOG7[0]:      0 internal session cache fill-up(s)
2021.10.08 12:51:57 LOG7[0]:      0 internal session cache miss(es)
2021.10.08 12:51:57 LOG7[0]:      0 external session cache hit(s)
2021.10.08 12:51:57 LOG7[0]:      0 expired session(s) retrieved
2021.10.08 12:51:57 LOG6[0]: TLS accepted: new session negotiated
2021.10.08 12:51:57 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2021.10.08 12:51:57 LOG3[0]: SSL_get_peer_tmp_key: Peer suddenly disconnected
2021.10.08 12:51:57 LOG7[0]: Compression: null, expansion: null
2021.10.08 12:51:57 LOG6[0]: s_connect: connecting 192.168.30.1:7447
2021.10.08 12:51:57 LOG7[0]: s_connect: s_poll_wait 192.168.30.1:7447: waiting 10 seconds
2021.10.08 12:51:57 LOG7[0]: FD=868 ifds=--- ofds=r--
2021.10.08 12:51:57 LOG7[0]: FD=892 ifds=rwx ofds=---
2021.10.08 12:51:57 LOG5[0]: s_connect: connected 192.168.30.1:7447
2021.10.08 12:51:57 LOG6[0]: persistence: 192.168.30.1:7447 cached
2021.10.08 12:51:57 LOG5[0]: Service [rtsp] connected remote server from 192.168.30.178:54762
2021.10.08 12:51:57 LOG7[0]: Setting remote socket options (FD=892)
2021.10.08 12:51:57 LOG7[0]: Option TCP_NODELAY set on remote socket
2021.10.08 12:51:57 LOG7[0]: Remote descriptor (FD=892) initialized

Unable to connect to stunnelled RTSP stream using VLC mediaplayer

0 Answers0