stunnel TLS issues with some web browsers


I have a problem with stunnel working in server mode (the back-end web server is running on IIS7) and some versions of web browsers, specifically Safari, IE10 on Win7, Opera, Safari on iOS 8.4 and Safari on OS X. Newer IE, Chrome and Firefox are working fine. The issue is a broken SSL connection (Safari reports that it cannot open the page because it could not establish a secure connection to the server); the following errors are logged in the stunnel log file: SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback and SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number. What's weird is that on some occasions the connection is established, but when something is clicked on the web page the connection gets broken. I have tried configuring various cipher combinations on stunnel but so far without any luck.

My current stunnel configuration is the following:

; Certificate chain and private key (the key is offloaded to an HSM engine)
cert = chain.pem
key = priv.key

engine = DEP
libwrap = no

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Disable weak SSL protocol versions (these are OpenSSL SSL_OP_NO_* flags,
; not cipher restrictions)
options = NO_SSLv2
options = NO_SSLv3

pid = /var/lib/stunnel/

setgid = stunnel
setuid = stunnel

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel.log

; Service-level configuration: terminate TLS on 443, forward plain HTTP to IIS
accept  = stunnel:443
connect = websrv:80

TIMEOUTclose = 0

stunnel/SSL/Linux versions would be nice.

You need to set sslVersion = all on old stunnels.

It looks like you unwillingly disabled TLS 1.0.

Also, a big part of the cipher preference list is obsolete:

tomislav11Author Commented:
Hi, thanks for the comment. I forgot to put the versions: the stunnel version is 5.09, built with OpenSSL 1.0.1k, which was configured with the following options: ./config --prefix=/usr/local/openssl no-asm no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-zlib no-zlib-dynamic.
TLSv1 should normally be disabled, but I left it out (options = NO_TLSv1) for testing. Regarding the cipher list, this one showed the best results according to
You were looking at the right place - SSL Labs :)
There you can see that with TLS 1.0 disabled, all the browsers you mention are not able to connect.
Why don't you use the OpenSSL and stunnel built into your Linux OS?
And nginx where you have stunnel, to offload logging from the backend?
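To make the two log lines from the question and the "you disabled TLS 1.0" remark above concrete, here is an added example (not code from the thread or from stunnel/OpenSSL) that builds minimal TLS ClientHello records and applies a simplified model of the server-side version checks: the RFC 7507 TLS_FALLBACK_SCSV rule that produces "inappropriate fallback" when a browser retries with a downgraded hello while the server still offers something newer, and the fixed-version check that produces "wrong version number" when sslVersion pins a single protocol. The mapping from `sslVersion` and `options = NO_*` lines to an enabled-version set is an assumption of the model (sslVersion = all with NO_* flags subtracted, or exactly one version otherwise); extensions, certificate handling and the real cipher negotiation are ignored, and the hello bytes are constructed inline.

```python
"""Added example: model of OpenSSL 1.0.1j+ ClientHello version checks for an
stunnel service, used to reproduce 'inappropriate fallback' (RFC 7507) and
'wrong version number'. Not the thread's or stunnel's code; the enabled-version
mapping from stunnel options is an assumption of this model."""
import struct

TLS_FALLBACK_SCSV = 0x5600            # RFC 7507 signalling cipher suite value
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
NAME_TO_CODE = {name: code for code, name in VERSIONS.items()}


def build_client_hello(client_version, cipher_suites, fallback=False):
    """Construct a minimal ClientHello record (constructed sample input).
    fallback=True appends TLS_FALLBACK_SCSV, as a browser does on a retry."""
    suites = list(cipher_suites) + ([TLS_FALLBACK_SCSV] if fallback else [])
    body = struct.pack("!H", client_version)
    body += b"\x11" * 32                           # client_random: fixed filler
    body += b"\x00"                                # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                            # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type client_hello
    # record layer: ContentType handshake, legacy record version TLS 1.0
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (client_version, [cipher suite codes]) from a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    client_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                   # skip client_random
    pos += 1 + body[pos]                           # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return client_version, suites


def enabled_versions(ssl_version="all", options=()):
    """Assumed model: 'sslVersion = all' offers every version not removed by an
    'options = NO_<version>' line; any other sslVersion pins one version."""
    if ssl_version != "all":
        return {NAME_TO_CODE[ssl_version]}
    enabled = set(VERSIONS)
    for opt in options:
        if opt.startswith("NO_"):
            enabled.discard(NAME_TO_CODE.get(opt[3:]))   # NO_SSLv2 is a no-op here
    return enabled


def negotiate(record, ssl_version="all", options=()):
    """Apply the server-side checks; returns (accepted, reason_or_version)."""
    client_version, suites = parse_client_hello(record)
    enabled = enabled_versions(ssl_version, options)
    highest = max(enabled)
    # Pinned server version: a lower client_version is rejected outright
    # (logged by OpenSSL 1.0.1 as SSL3_GET_CLIENT_HELLO:wrong version number).
    if ssl_version != "all" and client_version < highest:
        return False, "wrong version number"
    # RFC 7507: the SCSV says this hello is a downgrade retry; if the server
    # would still negotiate something newer, refuse it
    # (SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback).
    if TLS_FALLBACK_SCSV in suites and client_version < highest:
        return False, "inappropriate fallback"
    usable = [v for v in enabled if v <= client_version]
    if not usable:
        return False, "unsupported protocol"
    return True, VERSIONS[max(usable)]


if __name__ == "__main__":
    asked = ("NO_SSLv2", "NO_SSLv3")              # the options from the question
    first = build_client_hello(0x0303, [0xC02F, 0x009C])            # TLS 1.2 attempt
    retry = build_client_hello(0x0301, [0xC013, 0x002F], fallback=True)  # TLS 1.0 retry
    print("first hello :", negotiate(first, options=asked))
    print("retry hello :", negotiate(retry, options=asked))
    legacy = build_client_hello(0x0301, [0xC013, 0x002F])          # TLS 1.0-only client
    print("TLS1.0 off  :", negotiate(legacy, options=asked + ("NO_TLSv1",)))
    print("TLS1.0 on   :", negotiate(legacy, options=asked))
    print("pinned 1.2  :", negotiate(legacy, ssl_version="TLSv1.2"))
```

The retry scenario is the interesting one: the downgraded hello is refused even though TLS 1.0 is enabled, because the server still offers TLS 1.2 and the SCSV marks the hello as a fallback; whatever made the first attempt fail (cipher list, extension handling, middleboxes) is what has to be found, not the fallback itself. Adding NO_TLSv1 turns a TLS 1.0-only client's hello into a plain "unsupported protocol" rejection, which is the effect gheist describes.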

tomislav11Author Commented:
Now I have added the following ciphers:

SSL Labs says TLSv1.0 is supported (grade A- due to lack of FS), but still no luck with these browsers.

Unfortunately I cannot change the current software; OpenSSL is patched and customized as it uses an HSM to offload private keys, so I'm rather stuck with this setup.
For PFS you need to enable SSLHonorCipherOrder in Apache.
TLS 1.0 is the maximum for OS X 10.8, OpenSSL 0.9.8 and Android 2.3.7, all lurking around in large numbers.
You cannot disable it for all practical purposes.

-SSLv3 ... !3DES locks out IE on XP

You run the openssl commands on a different OpenSSL toolkit than the one built with no-camellia in /usr/local.
Do e.g. this in the profile you use for testing, so the openssl binary and the libraries it loads both come from that build:
alias openssl='LD_LIBRARY_PATH=/usr/local/lib /usr/local/bin/openssl'
Some more SSL scanners:

You should regularly check the BCP document on SSL/TLS.
The current one is here:
Basically, browsers that do not reach any recommended configuration are somewhere between obsolete and unsupportable under any formal security requirement.
On the other hand, the server should allow all those ciphers from that list that have not been broken in the last 4 months.

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended that this question be closed as follows:

Accept: gheist (https:#a40907981)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they see fit. If no one objects, this question will be closed automatically in the way described above.

Experts-Exchange Cleanup Volunteer