Bug #9919

closed

stunnel server connection failure if ECDSA cert is not in IPsec list

Added by Viktor Gurov about 6 years ago. Updated about 6 years ago.

Status: Resolved
Priority: Normal
Category: stunnel
Target version: -
Start date: 11/23/2019
% Done: 100%

Description

The stunnel client can use a cert with any ECDSA curve,
but if the stunnel server uses an incorrect (not prime256v1, secp384r1, secp521r1) curve, an error occurs:

SSL_connect: /build/ce-crossbuild-master/pfSense/tmp/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1528: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
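
A pre-deployment check for the condition reported above, as an added example that is not part of the original ticket or of pfSense: it reads the named-curve OID of a certificate's EC key and reports whether it is one of the three curves listed. The function names are hypothetical, the sample bytes are constructed, and the lookup is a byte search for the id-ecPublicKey OID rather than a full ASN.1 parse.

```python
import base64

EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")  # DER OID 1.2.840.10045.2.1
# Curves the ticket names as working for an stunnel server certificate.
ACCEPTED = {"1.2.840.10045.3.1.7": "prime256v1",
            "1.3.132.0.34": "secp384r1",
            "1.3.132.0.35": "secp521r1"}

def decode_oid(body):
    """Decode DER OID content bytes into dotted form."""
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cert_curve_oid(cert):
    """Named-curve OID of the EC key in a PEM or DER certificate, else None."""
    if b"-----BEGIN" in cert:
        lines = [l.strip() for l in cert.splitlines()]
        cert = base64.b64decode(b"".join(l for l in lines if l and not l.startswith(b"-----")))
    pos = cert.find(EC_PUBLIC_KEY)
    if pos < 0:
        return None                          # no EC key, e.g. an RSA certificate
    p = pos + len(EC_PUBLIC_KEY)
    if p + 2 > len(cert) or cert[p] != 0x06:
        return None                          # explicit parameters, not a named curve
    return decode_oid(cert[p + 2 : p + 2 + cert[p + 1]])

def check_server_cert(cert):
    """Return 'accepted', 'rejected' or 'no-named-curve' for a server certificate."""
    oid = cert_curve_oid(cert)
    if oid is None:
        return "no-named-curve"
    return "accepted" if oid in ACCEPTED else "rejected"

def sample_spki(curve_hex):
    """Constructed sample: only the AlgorithmIdentifier of an EC SubjectPublicKeyInfo."""
    body = EC_PUBLIC_KEY + bytes.fromhex(curve_hex)
    return bytes([0x30, len(body)]) + body

if __name__ == "__main__":
    for name, hx in [("prime256v1", "06082a8648ce3d030107"),
                     ("secp384r1", "06052b81040022"),
                     ("secp256k1", "06052b8104000a")]:
        print(name, check_server_cert(sample_spki(hx)))
```
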

Actions #2

Updated by Jim Pingle about 6 years ago

  • Status changed from New to Pull Request Review

Actions #3

Updated by Renato Botelho about 6 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #4

Updated by Viktor Gurov about 6 years ago

  • Status changed from Feedback to Resolved

Tested on pfSense 2.5.0.a.20191127.2047 with stunnel 5.50_2.

Correct, resolved.
