From: "Massimo S."
Reply-To: ml@ecomstation.it
To: eCS ISP Mailing List
Subject: Re: [eCS-ISP] Stunnel 5.58
Organization: eComStation dot it
Date: Sat, 6 Mar 2021 13:06:39 +0100

On 06/03/2021 00:02, Steven Levine wrote:
> In, on 03/06/21
>    at 07:03 AM, "Paul Smedley" said:
>
> Hi Paul,
>
>> I am NOT seeing this here. I just tested the build and it's working
>> fine in my environment. Please post the full output of trying to run
>> stunnel, not just the one line with the internal error. There may be
>> useful additional context around that error.
>
> stunnel-5.58-os2-20210228-debug.zip starts fine here, but I did run into a
> backwards compatibility issue:
>
> Starting Stunnel daemon from
> D:\SLAInc\stunnel\stunnel-to-steven-dnacih-com\etc stunnel
> stunnel_to_steven.conf
> [ ] Initializing inetd mode configuration
> [ ] Clients allowed=4882
> [.] stunnel 5.58 on i386-pc-os2-emx built by Paul Smedley on Feb 28 2021
> [.] Compiled/running with OpenSSL 1.1.1j 16 Feb 2021
> [.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
> [ ] errno: (* _errno())
> [ ] Initializing inetd mode configuration
> [.] Reading configuration from file D:/SLAInc/stunnel/stunnel-to-steven-dnacih-com/etc/stunnel_to_steven.conf
> [.] UTF-8 byte order mark not detected
> [.] FIPS mode disabled
> [ ] Compression disabled
> [ ] No PRNG seeding was required
> [ ] Initializing service [vnc]
> [ ] stunnel default security level set: 2
> [ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
> [ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
> [ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
> [ ] Loading certificate from file: ssl/private/slainc.crt
> [!] SSL_CTX_use_certificate_chain_file: ssl/ssl_rsa.c:301: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
> [!] Service [vnc]: Failed to initialize TLS context
> [!] Configuration failed
> [ ] Deallocating temporary section defaults
> [ ] Deallocating section [vnc]
>
> This occurs because my keys, created years ago, are 1028 bit.
>
> The workaround, for now, is to add:
>
>   securityLevel = 1

Even with this I still get the same error at startup.

massimo
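
For reading a startup log like the one quoted above, here is an added example (not part of the thread and not stunnel or OpenSSL code) that ties each "ee key too small" error to the service, certificate file and security level logged just before it. The function name `triage` is hypothetical, the sample lines are copied from the quoted log, and the minimum key sizes are those given in the OpenSSL `SSL_CTX_set_security_level` documentation.

```python
import re

# Minimum RSA/DSA/DH key size per OpenSSL security level
# (SSL_CTX_set_security_level documentation; level 0 permits everything).
MIN_RSA_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}

# Startup lines copied from the log quoted in the thread.
SAMPLE_LOG = """\
[ ] Initializing service [vnc]
[ ] stunnel default security level set: 2
[ ] Loading certificate from file: ssl/private/slainc.crt
[!] SSL_CTX_use_certificate_chain_file: ssl/ssl_rsa.c:301: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
[!] Service [vnc]: Failed to initialize TLS context
"""

SERVICE_RE = re.compile(r"Initializing service \[([^\]]+)\]")
LEVEL_RE = re.compile(r"security level set: (\d+)")
CERT_RE = re.compile(r"Loading certificate from file: (\S+)")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.+?)\s*$")


def triage(log_text):
    """Return one finding per 'ee key too small' error in a stunnel log."""
    findings, service, level, cert = [], None, None, None
    for line in log_text.splitlines():
        if m := SERVICE_RE.search(line):
            # A new service section starts: forget the previous context.
            service, level, cert = m.group(1), None, None
        elif m := LEVEL_RE.search(line):
            level = int(m.group(1))
        elif m := CERT_RE.search(line):
            cert = m.group(1)
        elif (m := ERR_RE.search(line)) and m.group(4) == "ee key too small":
            code = int(m.group(1), 16)
            findings.append({
                "service": service, "certificate": cert, "security_level": level,
                # OpenSSL 1.1.1 packs the code as lib(8) | func(12) | reason(12) bits.
                "lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
                # Smallest RSA key the logged level accepts (None if no level was logged).
                "min_rsa_bits": MIN_RSA_BITS.get(level),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

When checking whether a `securityLevel` setting took effect, the `security level set:` line in the new startup log shows the level stunnel actually applied to that service.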