I'm having no luck getting an stunnel server to use DH key exchange and DHE-
RSA-AES256-SHA ciphers.

Everything works fine until I try to use the DHE cipher. i.e. AES256-SHA wor
ks with my configuration.

Do I have a server certificate problem?

Could someone help walk me through the stunnel server configuration so the D
HE-RSA-AES256-SHA cipher works?

Thanks,

Sorry for my previous post. Funny things happen when you are running windows
!

[ Post a follow-up to this message ]

In article <4ab016325f308c5cdcde012eed382024@anon.mixmaster.mixmin.net>
Privacy Nut <nobody@invalid.org> wrote:
>
> I'm having no luck getting an stunnel server to use DH key exchange and DH
E-RSA-AES256-SHA ciphers.
>
> Everything works fine until I try to use the DHE cipher. i.e. AES256-SHA works wit
h my configuration.

Could you provide your stunnel config file for us to look at? At the
moment, it's hard to know what the problem is as we don't know what
configuration options you've set.

[ Post a follow-up to this message ]

Privacy Nut <nobody@invalid.org> wrote in
 news:4ab016325f308c5cdcde012eed382024@an
on.mixmaster.mixmin.net:

> I'm having no luck getting an stunnel server to use DH key exchange
> and DHE-RSA-AES256-SHA ciphers.
>
> Everything works fine until I try to use the DHE cipher. i.e.
> AES256-SHA works with my configuration.
>
> Do I have a server certificate problem?
>
> Could someone help walk me through the stunnel server configuration so
> the DHE-RSA-AES256-SHA cipher works?
>
> Thanks,
>
> Sorry for my previous post. Funny things happen when you are running
> windows!
>
>



OK, first things first: Stunnel itself doesn't provide encryption, it is
built on top of a separate encryption layer.  The most popular (I know of
no other) layers are SSleay and OpenSSL. Which are you using?

Regards,

PS  Provide as much additional info as possible (or you feel conmfortable
giving) such as with whom and how you will be connecting.  Encryption
protocols are an "it takes two to tango" affair - they must be negotiated
with the other end, usually to find a "highest common denominator".

[ Post a follow-up to this message ]

In article <K80I7CFW38833.2107986111@reece.net.au>
Thrasher Remailer <thrasher@reece.net.au> wrote:
>Send us your config file

The following config will connect with AES256-SHA. If I
remove the Ciphers line altogether it connects with
AES256-SHA.

If I remove the AES256-SHA option from the ciphers line
(leaving DHE-RSA-AES256-SHA as the only cipher option)
the client side says that the server disconnected suddenly,
and the server side log file indicates that there is no shared
cipher. I have tried this with every Stunnel version from 4.10
to 4.15 and with several openssl versions including the most recent.

I can connect (using another stunnel instance running version 4.10
and obviously a different config file) to banana's SMTP service using
TLS.

Here is the server config

#stunnel server setup

CAfile=CAcert.pem
CApath=certificates
cert=server.pem
debug = 7
#verify = 3
output = log.txt
client = no
options = all
RNDbytes = 1024
RNDfile = bananarand.bin
RNDoverwrite = yes
Ciphers = DHE-RSA-AES256-SHA:AES256-SHA

#service level configuration
[vnc]
accept = 0.0.0.0:7443
connect = 127.0.0.1:5900
delay = no



Here is some logging info from banana SMTp to show that my stunnel is workin
g:
I think I have removed all of the real IP addresses except banana's.
Note the "negotiated ciphers" on the second line.


2006.04.25 14:24:07 LOG6[1700:2008]: SSL connected: new session negotiat
ed
2006.04.25 14:24:07 LOG6[1700:2008]: Negotiated ciphers: DHE-RSA-AES256-
SHA SSLv3 Kx=DH Au=RSA  Enc=AES(256)  Mac=SHA1
2006.04.25 14:24:12 LOG7[1700:2008]: SSL socket closed on SSL_read
2006.04.25 14:24:12 LOG7[1700:2008]: Socket write shutdown
2006.04.25 14:24:12 LOG5[1700:2008]: Connection closed: 28994 bytes sent
 to SSL, 122 bytes sent to socket
2006.04.25 14:24:12 LOG7[1700:2008]: BANANA_TLS_SMTP finished (0 left)
2006.04.25 14:24:15 LOG7[1700:2460]: BANANA_TLS_SMTP accepted FD=184 fro
m 127.0.0.1:4909
2006.04.25 14:24:15 LOG7[1700:2460]: Creating a new thread
2006.04.25 14:24:15 LOG7[1700:2460]: New thread created
2006.04.25 14:24:15 LOG7[1700:2172]: BANANA_TLS_SMTP started
2006.04.25 14:24:15 LOG7[1700:2172]: FD 184 in non-blocking mode
2006.04.25 14:24:15 LOG5[1700:2172]: BANANA_TLS_SMTP connected from 127.
0.0.1:4909
2006.04.25 14:24:15 LOG7[1700:2172]: FD 200 in non-blocking mode
2006.04.25 14:24:15 LOG7[1700:2172]: BANANA_TLS_SMTP connecting 82.133.6
.118:2525
2006.04.25 14:24:15 LOG7[1700:2172]: connect_wait: waiting 10 seconds
2006.04.25 14:24:16 LOG7[1700:2172]: connect_wait: connected
2006.04.25 14:24:16 LOG7[1700:2172]: Remote FD=200 initialized
2006.04.25 14:24:16 LOG5[1700:2172]: Negotiations for smtp (client side)
 started
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 220 fleegle.bananasplit.info ES
MTP Postfix (Debian/GNU).
2006.04.25 14:24:16 LOG7[1700:2172]:  -> 220 fleegle.bananasplit.info ES
MTP Postfix (Debian/GNU).
2006.04.25 14:24:16 LOG7[1700:2172]:  -> EHLO localhost
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 250-fleegle.bananasplit.info.
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 250-PIPELINING.
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 250-SIZE 10240000.
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 250-ETRN.
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 250-STARTTLS.
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 250 8BITMIME.
2006.04.25 14:24:16 LOG7[1700:2172]:  -> STARTTLS
2006.04.25 14:24:16 LOG7[1700:2172]:  <- 220 Ready to start TLS.
2006.04.25 14:24:16 LOG5[1700:2172]: Protocol negotiation succeded
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): before/connect
 initialization
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): SSLv3 write cl
ient hello A
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): SSLv3 read ser
ver hello A
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): SSLv3 read fin
ished A
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): SSLv3 write ch
ange cipher spec A
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): SSLv3 write fi
nished A
2006.04.25 14:24:16 LOG7[1700:2172]: SSL state (connect): SSLv3 flush da
ta
2006.04.25 14:24:16 LOG7[1700:2172]:    3 items in the session cache
2006.04.25 14:24:16 LOG7[1700:2172]:    5 client connects (SSL_connect()
)
2006.04.25 14:24:16 LOG7[1700:2172]:    5 client connects that finished
2006.04.25 14:24:16 LOG7[1700:2172]:    0 client renegotiatations reques
ted
2006.04.25 14:24:16 LOG7[1700:2172]:    0 server connects (SSL_accept())
2006.04.25 14:24:16 LOG7[1700:2172]:    0 server connects that finished
2006.04.25 14:24:16 LOG7[1700:2172]:    0 server renegotiatiations reque
sted
2006.04.25 14:24:16 LOG7[1700:2172]:    2 session cache hits
2006.04.25 14:24:16 LOG7[1700:2172]:    0 session cache misses
2006.04.25 14:24:16 LOG7[1700:2172]:    0 session cache timeouts
2006.04.25 14:24:16 LOG6[1700:2172]: SSL connected: previous session reu
sed
2006.04.25 14:24:20 LOG7[1700:2172]: SSL socket closed on SSL_read
2006.04.25 14:24:20 LOG7[1700:2172]: Socket write shutdown
2006.04.25 14:24:20 LOG5[1700:2172]: Connection closed: 28994 bytes sent
 to SSL, 122 bytes sent to socket
2006.04.25 14:24:20 LOG7[1700:2172]: BANANA_TLS_SMTP finished (0 left)

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 25 Apr 2006, Privacy Nut wrote:
>I'm having no luck getting an stunnel server to use DH key exchange and
>DHE-RSA-AES256-SHA ciphers.
>
>Everything works fine until I try to use the DHE cipher.
> i.e. AES256-SHA works with my configuration.
>


Hello,

Diffie-Hellman key exchange (DH Kx) is not enabled in the default Stunnel bu
ild.

When you compile do:

./configure --enable-dh



Else if you are after "short-lived" (ephemeral) key exchange you may
add the option to your conf file for RSA Kx.


#stunnel server setup

CAfile=CAcert.pem
CApath=certificates
cert=server.pem
debug = 7
#verify = 3
output = log.txt
client = no
options = all
options = EPHEMERAL_RSA


Then your logfile...


> : SSL state (connect): before/connect initialization
> : SSL state (connect): SSLv3 write client hello A
> : SSL state (connect): SSLv3 read server hello A
> : SSL state (connect): SSLv3 read finished A
> : SSL state (connect): SSLv3 write change cipher spec A
> : SSL state (connect): SSLv3 write finished A
> : SSL state (connect): SSLv3 flush data

..will look something like:

]: SSL state (accept): before/accept initialization
]: SSL state (accept): SSLv3 read client hello A
]: SSL state (accept): SSLv3 write server hello A
]: SSL state (accept): SSLv3 write certificate A
]: Generating 1024 bit temporary RSA key...
]: Temporary RSA key created
]: SSL state (accept): SSLv3 write key exchange A
]: SSL state (accept): SSLv3 write server done A
]: SSL state (accept): SSLv3 flush data
]: SSL state (accept): SSLv3 read client key exchange A
]: SSL state (accept): SSLv3 read finished A
]: SSL state (accept): SSLv3 write change cipher spec A
]: SSL state (accept): SSLv3 write finished A
]: SSL state (accept): SSLv3 flush data


Else build Stunnel with the --enable-dh option.


Ciao!

BiKiKii

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBRE7tyfRwi/QFFzi5AQHrjwf/UovSLHedgkM86rY2SBHIY58azsT8xwXy
 r34V0ajXnELO0jch6k3wVje5LXjE8z+bEDMTqDXz
DqTyw4mJk5u+aQG+MVnZwFuz
 1VWf4q9YVd+W+1a7KcH6M2B5Gzmmv6vDklkC9aCC
leMLx25iBynfVslWk5j6tQWX
 VgygbgheOGmDnGfjz6jFjZ5lQyJ3zSh6ekNVwtJd
lC0K6NRgkQgemS+KUMJi1WWq
 EJyuQ+tRSe9QlZyxF5lXQ1SNaw6rhm4vZQ2ynuXG
njK+Kn2/9KiDeIJ0eODLMNvV
fyHPrdKnh9omBVQc5TDqDOoHwVzpnbQ07hWMC/xf8MzFEWtE9MC+WQ==
=x76b
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]

Details of the connection follow:

Oh, I know I;m not anonymous any more, but this is only
person email I'm trying to access and this is my throw-away email
address, so I guess little or no harm done.


"nemo_outis" <abc@xyz.com> wrote in message
news:Xns97B0BAB24255Fabcxyzcom@204.153.244.170...
> PS  Provide as much additional info as possible (or you feel conmfortable
> giving) such as with whom and how you will be connecting.  Encryption
> protocols are an "it takes two to tango" affair - they must be negotiated
> with the other end, usually to find a "highest common denominator".

For now I am connecting with my own server on a LAN. I want to be able to
use the connection
to secure wifi access to my home computer from a cafe in Washington DC.
(i.e. I connect to
a public wifi hotspot, bring up stunnel and access email or a home computer.
I can already do this
using puTTY, but I like TLS :-) so want to try stunnel. Unless someone knows
how to get Windoz
puTTY to take to OpenBSD openssh in TLS-- I don't.

I've have matched stunnel and ssl library versions. Have tried every stunnel
version from 4.10 to 4.15
and and openssl 7f and 8a. Using a separate client config I have no problem
connectiing TLS
to bananas TLS SMTP server using stunnel 4.10, however I am unable to get a
connection to
banana using stunnel 4.15 (but that is another problem and 4.10 works so it
isn't a priority)

Here is the server config:
Commented out the verify = 3 directive because I am not using the client
certificate.
Server.pem is a standard RSA self-signed cert; I have also tried appending
DH
parameters to it with no luck.

#stunnel server setup
CAfile=CAcert.pem
CApath=certificates
cert=server.pem
debug = 7
#verify = 3
output = log.txt
client = no
options = all
RNDbytes = 1024
RNDfile = random.bfa
RNDoverwrite = yes
Ciphers = DHE-RSA-AES256-SHA:AES256-SHA
#service level configuration
[vnc]
accept = 0.0.0.0:7443
connect = 127.0.0.1:5900
delay = no

Here is the client config:

#stunnel client setup
CAfile=CAcert.pem
CApath=certificates
cert=client.pem
debug = 7
#verify = 3
output = log.txt
client = yes
options = all
RNDbytes = 1024
RNDfile = bananarand.bin
RNDoverwrite = yes
Ciphers = DHE-RSA-AES256-SHA:AES256-SHA

#service level configuration
[fox tls]
accept = localhost:5901
#connect localhost:5900
connect = 192.168.7.157:7443



These configs will connect AES258-SHA. If I remove AES256-SHA as a ciphers
list option the connection fails. The server side log file
says there are no shared ciphers. If I remove ciphers directive altogether
connection defaults to AES256-SHA (which isn't bad, but
it isn't TLS)

Thought: Do I need to append DH parameters to client.pem?

[ Post a follow-up to this message ]

OK. I am still not able to use DHE-RSA-AES256-SHA. I saw the message telling
me to compile stunnel to use diffie hellman parameters and I was previously
aware that using hd was not the default.

When I was able to get a connection to banana STMP that used DHE... I hoped
that the default stunnel compilation for windows had changed and it would
now use the ephemeral keys, but it sounds like that is not the case. So why
can I use DHE-RSA-AES256-SHA when I connect to banana?? Is it that banana's
stunnel server is compiled with dh support and the client end of the
connection doesn't matter? I used the same stunnel for my test connections,
so it was not compiled to use DH. If I get the right cipher suite on my
connection to banana it can only mean that only the server side has to use
dh. Is this right?

I can probably compile stunnel on the windows platform but I'd really like
to avoid it. I investigated doing it once and found the necessary
information but ran out of time. Has anyone provided an stunnel for windows
that uses dh, or am I on my own. Or even an stunnel for OpenBSD? I have two
OpenBSD servers I could use for stunnel if I have to.

Thanks

[ Post a follow-up to this message ]

cwilliams28@cox.net wrote in news:6Wr4g.6883$9c6.3117@dukeread11:

> OK. I am still not able to use DHE-RSA-AES256-SHA. I saw the message
> telling me to compile stunnel to use diffie hellman parameters and I
> was previously aware that using hd was not the default.
>
> When I was able to get a connection to banana STMP that used DHE... I
> hoped that the default stunnel compilation for windows had changed and
> it would now use the ephemeral keys, but it sounds like that is not
> the case. So why can I use DHE-RSA-AES256-SHA when I connect to
> banana?? Is it that banana's stunnel server is compiled with dh
> support and the client end of the connection doesn't matter? I used
> the same stunnel for my test connections, so it was not compiled to
> use DH. If I get the right cipher suite on my connection to banana it
> can only mean that only the server side has to use dh. Is this right?
>
> I can probably compile stunnel on the windows platform but I'd really
> like to avoid it. I investigated doing it once and found the necessary
> information but ran out of time. Has anyone provided an stunnel for
> windows that uses dh, or am I on my own. Or even an stunnel for
> OpenBSD? I have two OpenBSD servers I could use for stunnel if I have
> to.
>
> Thanks
>



I'm afraid you have now passed my somewhat shallow knowledge and are on
your own.  However, rather than shut up like a sensible man should, I'll
blither on:

My (limited) understanding is that in the TLS handshake to negotiate a
cipher suite the client sends (inter alia) a list of cipher suites it
supports.  But it is the *server* that picks from that list a cipher suite
it supports and wants to use.  If the server doesn't support the client's
first-nominated suite or if there is another suite supported at both ends
which the server prefers then it will not pick the client-preferred cipher
suite.  In short, wrt to cipher suites, the client proposes, the server
chooses.

http://en.wikipedia.org/wiki/Transport_Layer_Security

Regards,

[ Post a follow-up to this message ]