Bug #9919: stunnel server connection failure if ECDSA cert is not in IPsec list - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #9919

closed

stunnel server connection failure if ECDSA cert is not in IPsec list

Added by Viktor Gurov about 6 years ago. Updated about 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Renato Botelho

Category:

stunnel

Target version:

Start date:

11/23/2019

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

stunnel client can use cert with any ECDSA curve,
but if stunnel server use incorrect (not prime256v1, secp384r1, secp521r1) curve, an error occurs:

SSL_connect: /build/ce-crossbuild-master/pfSense/tmp/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1528: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #9919

stunnel server connection failure if ECDSA cert is not in IPsec list

Updated by Viktor Gurov about 6 years ago

Updated by Jim Pingle about 6 years ago

Updated by Renato Botelho about 6 years ago

Updated by Viktor Gurov about 6 years ago