I'm setting up a stunnel server on Windows XP, and I get this bug when a client tries to access:

2013.02.14 00:02:16 LOG7[8848:7664]: Service [https] accepted (FD=320) from 107.20.36.147:56160
2013.02.14 00:02:16 LOG7[8848:7664]: Creating a new thread
2013.02.14 00:02:16 LOG7[8848:7664]: New thread created
2013.02.14 00:02:16 LOG7[8848:9792]: Service [https] started
2013.02.14 00:02:16 LOG5[8848:9792]: Service [https] accepted connection from 107.20.36.147:56160
2013.02.14 00:02:16 LOG7[8848:9792]: SSL state (accept): before/accept initialization
2013.02.14 00:02:16 LOG7[8848:9792]: SSL alert (write): fatal: handshake failure
2013.02.14 00:02:16 LOG3[8848:9792]: SSL_accept: 1408A10B: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2013.02.14 00:02:16 LOG5[8848:9792]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.02.14 00:02:16 LOG7[8848:9792]: Local socket (FD=320) closed
2013.02.14 00:02:16 LOG7[8848:9792]: Service [https] finished (0 left)

Any idea what to do about this? I read online that this might mean that my server is advertising that it can communicate in SSL3 but it in fact can't. If this is true I'd like to know how I can fix this. I'm editing the stunnel.conf file but I have no idea what to change in it to fix this.

UPDATE:

The above error message shows only when the Twilio client (i.e. Twilio's server) tries to access my server. When I try to access my server with one of my computers, the page does show up, but after the contents show up, Chrome shows the page as "loading" for around 30 seconds, at the end of which stunnel gives this message:

transfer: s_poll_wait: TIMEOUTclose exceeded: closing

UPDATE:

Here is the wireshark capture: https://gist.github.com/cool-RR/4963477

Cap file: https://dl.dropbox.com/u/1927707/wireshark.cap

Note that the server runs on port 8088.

UPDATE:

Here is the log from the server (with debug=7):

2013.02.17 17:06:52 LOG7[7636:2092]: No limit detected for the number of clients
2013.02.17 17:06:52 LOG5[7636:2092]: stunnel 4.54 on x86-pc-msvc-1500 platform
2013.02.17 17:06:52 LOG5[7636:2092]: Compiled/running with OpenSSL 1.0.1c-fips 10 May 2012
2013.02.17 17:06:52 LOG5[7636:2092]: Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
2013.02.17 17:06:52 LOG5[7636:2092]: Reading configuration from file stunnel.conf
2013.02.17 17:06:52 LOG5[7636:2092]: FIPS mode is enabled
2013.02.17 17:06:52 LOG7[7636:2092]: Compression not enabled
2013.02.17 17:06:52 LOG7[7636:2092]: Snagged 64 random bytes from C:\Documents and Settings\User/.rnd
2013.02.17 17:06:52 LOG7[7636:2092]: Wrote 1024 new random bytes to C:\Documents and Settings\User/.rnd
2013.02.17 17:06:52 LOG7[7636:2092]: PRNG seeded successfully
2013.02.17 17:06:52 LOG6[7636:2092]: Initializing service [https]
2013.02.17 17:06:52 LOG7[7636:2092]: Certificate: G:\Dropbox\StartSSL\SSL Cert.pem
2013.02.17 17:06:52 LOG7[7636:2092]: Certificate loaded
2013.02.17 17:06:52 LOG7[7636:2092]: Key file: G:\Dropbox\StartSSL\SSL Cert.pem
2013.02.17 17:06:52 LOG7[7636:2092]: Private key loaded
2013.02.17 17:06:52 LOG7[7636:2092]: Could not load DH parameters from G:\Dropbox\StartSSL\SSL Cert.pem
2013.02.17 17:06:52 LOG7[7636:2092]: Using hardcoded DH parameters
2013.02.17 17:06:52 LOG7[7636:2092]: DH initialized with 2048-bit key
2013.02.17 17:06:52 LOG7[7636:2092]: ECDH initialized with curve prime256v1
2013.02.17 17:06:52 LOG7[7636:2092]: SSL options set: 0x03000004
2013.02.17 17:06:52 LOG5[7636:2092]: Configuration successful
2013.02.17 17:06:52 LOG7[7636:2092]: Service [https] (FD=268) bound to 0.0.0.0:8088
2013.02.17 17:07:08 LOG7[7636:2092]: Service [https] accepted (FD=320) from 54.242.25.199:45922
2013.02.17 17:07:08 LOG7[7636:2092]: Creating a new thread
2013.02.17 17:07:08 LOG7[7636:2092]: New thread created
2013.02.17 17:07:08 LOG7[7636:8004]: Service [https] started
2013.02.17 17:07:08 LOG5[7636:8004]: Service [https] accepted connection from 54.242.25.199:45922
2013.02.17 17:07:08 LOG7[7636:8004]: SSL state (accept): before/accept initialization
2013.02.17 17:07:08 LOG7[7636:8004]: SSL alert (write): fatal: handshake failure
2013.02.17 17:07:08 LOG3[7636:8004]: SSL_accept: 1408A10B: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2013.02.17 17:07:08 LOG5[7636:8004]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.02.17 17:07:08 LOG7[7636:8004]: Local socket (FD=320) closed
2013.02.17 17:07:08 LOG7[7636:8004]: Service [https] finished (0 left)

UPDATE:

Here's my stunnel.conf file.

Ram Rachum
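An illustrative stunnel.conf, added here as an example; it is not the asker's file (which does not appear on this page). It collects the settings the answer below and its comments turn on: debug = 7 for handshake logging, the fips setting whose default forces sslVersion = TLSv1, and the NO_SSLv3 option the answer mentions. The service name and port 8088 come from the question; the certificate/key paths and the backend address are placeholders.

```ini
; Constructed example stunnel.conf for a service shaped like the one in the
; question. Not the asker's file; the cert/key paths and the backend
; address are placeholders.

; Full handshake logging while diagnosing; drop back to 5 in production.
debug = 7
output = stunnel.log

; In a FIPS build, fips = yes is the default and forces sslVersion = TLSv1,
; so a client that only speaks SSLv3 gets a fatal handshake failure whether
; or not NO_SSLv3 is set. The thread's alternative (fips = no together with
; sslVersion = all) admits SSLv3 clients at the cost of FIPS compliance and
; of accepting an older, weaker protocol.
fips = yes

[https]
accept = 8088
connect = 127.0.0.1:80
cert = C:\placeholder\path\to\cert.pem
key = C:\placeholder\path\to\cert.pem
sslVersion = TLSv1
options = NO_SSLv2
options = NO_SSLv3
```

With this configuration the "wrong version number" entry in the log is the expected outcome for an SSLv3-only peer: the server is refusing by policy, and the choice is between moving the client up to TLS or lowering the server's floor.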

2 Answers


You should make a network capture and see why it was rejected. Also check the logs on both endpoints. Increase the debug level in the stunnel conf.

You need to make a network trace to figure out which version of the SSL protocol the client is supporting. Then make sure that your server supports that version too.

A client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested CipherSuites and suggested compression methods.

Source

Please note that the SSL protocol was changed a few years ago because of a security bug in the renegotiation. See CVE-2009-3555 and this page on SSL Renegotiation.

The server is responding with:

Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

You have to check the logs on the SSL server to see why it has refused the connection. Try to enable SSL debugging on stunnel with: debug=7.

The stunnel server has options = NO_SSLv3, but the client is trying to connect using SSLv3. You need to upgrade the client to support a newer version of SSL or you need to change the stunnel configuration to accept SSLv3.

Mircea Vutcovici
  • I've updated the question with more details. Do you still need me to do a network capture? – Ram Rachum Feb 13 '13 at 22:07
  • Yes, to know which version is supported by the SSL client. – Mircea Vutcovici Feb 13 '13 at 22:29
  • I've done a Wireshark capture and linked to it in the question. – Ram Rachum Feb 15 '13 at 20:58
  • The capture is interpreted as "HTTP" it should be interpreted as SSL. That file is not the *.cap file. The *.cap is a binary file that contains all traffic including time stamps. You need to search for "ALERT" in the capture information. See: http://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol – Mircea Vutcovici Feb 15 '13 at 21:41
  • Binary file added to question. – Ram Rachum Feb 16 '13 at 14:34
  • (Fixed bad link.) – Ram Rachum Feb 16 '13 at 16:52
  • I added the log output to the question. – Ram Rachum Feb 17 '13 at 15:12
  • It didn't work even when I removed the `NO_SSLv3`. This is the log output from that session: https://gist.github.com/cool-RR/4981928 – Ram Rachum Feb 19 '13 at 00:12
  • I added the log output in the preceding comment, with SSL3 enabled as you requested. Any insights? – Ram Rachum Feb 20 '13 at 15:12
  • You should take another capture and see which version is used. The error does not make sense. If you have SSLv3 to be accepted on the stunnel, then the server should not refuse it. Try to debug stunnel. If you use Linux for stunnel, run it with `strace` like: `strace -fp `. If it is running on Windows use Process Monitor from SysInternals. Try to add in stunnel.conf: `sslVersion = all` – Mircea Vutcovici Feb 20 '13 at 17:50
  • Trying to add `sslVersion = all` results in this error: `Service [https]: 'sslVersion = TLSv1' is required in FIPS mode`. – Ram Rachum Feb 20 '13 at 20:03
  • Here's the capture from Wireshark with SSL3 enabled: http://db.tt/qojUw4DR – Ram Rachum Feb 20 '13 at 20:08
  • Do you still want me to run Process Monitor? – Ram Rachum Feb 20 '13 at 20:08
  • 1
    Ok, the problem is that you have FIPS mode enabled (it is enabled by default in stunnel compiled with FIPS) and that the client is trying to connect using SSLv3 (I assume, you have to confirm from logs or network capture). But FIPS is working only with TLSv1 or newer. – Mircea Vutcovici Feb 21 '13 at 01:33
  • 1
    You have 2 solutions: 1. upgrade the SSL client (Twilio). 2. disable FIPS compliance, and lower the security, by adding `fips = no` to stunnel.conf – Mircea Vutcovici Feb 21 '13 at 01:36
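A small decoder, added here as an example and not part of the answer above, that does by hand what the answer asks of the capture: it reads the SSL/TLS record headers from the client's bytes, reports the highest version the ClientHello offers (including the older SSLv2-format ClientHello some legacy clients send), and decodes the fatal Alert the server sent back (content type 21, version SSL 3.0, level 2, description 40, exactly the record shown in the answer). The build_* helpers and every byte string are constructed test input, not the asker's capture; the default server minimum of TLS 1.0 reflects the thread's finding that FIPS mode requires sslVersion = TLSv1.

```python
"""Decode the SSL/TLS records in a captured handshake and flag a version mismatch.

Added example for this thread; the byte strings produced by the build_* helpers
are constructed test input, not the asker's capture.
"""
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version"}
SSLV2_RECORD = -2  # marker for the 2-byte-header records old clients send


def version_name(version):
    return VERSIONS.get(version, "unknown (%d.%d)" % version)


def parse_records(data):
    """Split a byte stream into (content_type, record_version, payload) tuples."""
    records, off = [], 0
    while off < len(data):
        if data[off] & 0x80:
            # SSLv2-compatible header: 15-bit length, no content type or version
            length = ((data[off] & 0x7F) << 8) | data[off + 1]
            payload = data[off + 2 : off + 2 + length]
            if len(payload) < length:
                raise ValueError("truncated SSLv2 record")
            records.append((SSLV2_RECORD, (2, 0), payload))
            off += 2 + length
            continue
        if off + 5 > len(data):
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", data[off : off + 5])
        payload = data[off + 5 : off + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record body")
        records.append((ctype, (major, minor), payload))
        off += 5 + length
    return records


def offered_version(record):
    """Highest protocol version a ClientHello offers, or None for other records."""
    ctype, _, payload = record
    if ctype == SSLV2_RECORD and len(payload) >= 3 and payload[0] == 1:
        return (payload[1], payload[2])          # SSLv2 CLIENT-HELLO: type, version
    if ctype == 22 and len(payload) >= 6 and payload[0] == 1:
        return (payload[4], payload[5])          # 4-byte handshake header, then client_version
    return None


def describe(record):
    """Human-readable summary in the style of a Wireshark dissection."""
    ctype, rver, payload = record
    version = offered_version(record)
    if version is not None:
        return {"type": "ClientHello", "client_version": version_name(version)}
    if ctype == 21 and len(payload) >= 2:
        return {"type": "Alert", "record_version": version_name(rver),
                "level": ALERT_LEVELS.get(payload[0], str(payload[0])),
                "description": ALERT_DESCRIPTIONS.get(payload[1], str(payload[1]))}
    return {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
            "record_version": version_name(rver)}


def diagnose(client_bytes, server_minimum=(3, 1)):
    """Compare the client's offered version with the server's floor.

    server_minimum defaults to TLS 1.0 because, per the thread, a FIPS-mode
    stunnel requires sslVersion = TLSv1 and therefore rejects SSLv3 clients.
    """
    for record in parse_records(client_bytes):
        version = offered_version(record)
        if version is not None:
            return {"client_version": version_name(version),
                    "server_minimum": version_name(server_minimum),
                    "mismatch": version < server_minimum}
    return None


def build_client_hello(version, cipher_suites=(0x002F, 0x0035)):
    """Minimal TLS-record-framed ClientHello (constructed; fixed all-zero random)."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"       # client_version, random, empty session id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", suite) for suite in cipher_suites)
    body += b"\x01\x00"                                  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def build_alert(version, level, description):
    """Alert record such as the fatal handshake_failure the server sent back."""
    return b"\x15" + bytes(version) + b"\x00\x02" + bytes([level, description])


if __name__ == "__main__":
    sslv3_hello = build_client_hello((3, 0))
    print(describe(parse_records(sslv3_hello)[0]))
    print(diagnose(sslv3_hello))                          # mismatch: True
    print(describe(parse_records(build_alert((3, 0), 2, 40))[0]))
```

Feed diagnose() the raw TCP payload of the client's first segment exported from the capture. A mismatch result means the server is refusing by policy rather than failing, which is the situation the comments reach: the fix has to be on whichever side can move, either a client that offers TLS 1.0 or newer, or a server floor lowered to SSLv3 (in this thread, by leaving FIPS mode).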

It could be an SSL version mismatch between the client and the server. Make sure the client is configured for SSL3 only, by disabling older SSL versions on the client.

Daniel t.