In<list-1728662@2rosenthals.com>, on 03/06/21
    at 07:03 AM, "Paul Smedley"<ecs-isp@2rosenthals.com>  said:

Hi Paul,

I am NOT seeing this here.  I just tested the build and it's working
fine in my environment. Please post the full output of trying to run
stunnel, not just the one line with the internal error. There may be
useful additional context around that error.

stunnel-5.58-os2-20210228-debug.zip starts fine here, but I did run into a
backwards compatibility issue:

Starting Stunnel daemon from
D:\SLAInc\stunnel\stunnel-to-steven-dnacih-com\etc stunnel
stunnel_to_steven.conf
[ ] Initializing inetd mode configuration
[ ] Clients allowed=4882
[.] stunnel 5.58 on i386-pc-os2-emx built by Paul Smedley on Feb 28 2021
[.] Compiled/running with OpenSSL 1.1.1j  16 Feb 2021
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI [ ] errno:
(* _errno())
[ ] Initializing inetd mode configuration
[.] Reading configuration from file
D:/SLAInc/stunnel/stunnel-to-steven-dnacih-com/etc/stunnel_to_steven.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [vnc]
[ ] stunnel default security level set: 2
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites:
TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate from file: ssl/private/slainc.crt
[!] SSL_CTX_use_certificate_chain_file: ssl/ssl_rsa.c:301:
error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small [!]
Service [vnc]: Failed to initialize TLS context
[!] Configuration failed
[ ] Deallocating temporary section defaults
[ ] Deallocating section [vnc]

This occurs because my keys, created years ago, are 1028 bit.

The workaroud, for now, is to add:

   securityLevel = 1