Alexander, 2020-10-12 00:01:59
Debian

Stunnel stopped working after role switch, error: wrong version number?

There is MySQL master>slave replication, configured via stunnel. After the crash, the master was switched over, so replication needs to be restored. After switching roles, stunnel started giving an error:

SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Client config:

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = local6.err

[mysql]
client = yes
accept = 127.0.0.1:3307
connect = remote_ip:3307
retry = yes
sslVersion = TLSv1.2
CAfile = /var/lib/ssl/certs/ca.pem
cert = /var/lib/ssl/certs/KeyName.pem
key = /var/lib/ssl/private_keys/KeyName.pem

Master config:

pid=/var/run/stunnel4/smysql.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = local6.err

[mysql_server]
accept = 3307
connect = 127.0.0.1:3306
cert = /var/lib/ssl/certs/KeyName.pem
key = /var/lib/ssl/private_keys/KeyName.pem
CAfile = /var/lib/ssl/certs/ca.pem
CRLfile = /var/lib/ssl/crl.pem
verify = 2
sslVersion = TLSv1.2

stunnel version on server and client:

stunnel 5.39 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.1.0c 10 Nov 2016
Running with OpenSSL 1.1.1d 10 Sep 2019
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP

Global options:
debug = daemon.notice
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
debug = notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

Only one difference between them:
Server - Running with OpenSSL 1.1.1b 26 Feb 2019
Client - Running with OpenSSL 1.1.1d 10 Sep 2019

OS version: Debian Stretch 9.12 (server and client)

If everything is put back as it was, the error still remains. The certificates were not changed. I tried adding the options NO_SSLv3 and NO_SSLv2, and sslVersion = all. Everything is rolled out by puppet, so typos and the like are excluded. MySQL does not offer replication over SSL at the moment, and I'm not eager to reboot the prod database without the ability to switch writes.
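An added illustration of what the error in the question means, not part of the question and not code from stunnel or MySQL. OpenSSL's ssl3_get_record raises "wrong version number" when the 5-byte TLS record header it reads does not carry a 0x03 0x0X protocol version, i.e. when the first bytes on the connection were not a TLS record at all. The script below classifies such first bytes (TLS record, plaintext MySQL server greeting, other plaintext) and, separately, parses stunnel.conf fragments like the two in the question to confirm that after a role switch one side still has `client = yes` and the other runs in server mode. All byte samples and config fragments are constructed for the demonstration; the MySQL version string and the `remote_ip` placeholder are not real values.

```python
"""First-bytes classifier and stunnel role-pairing check.

Added example, not code from the question or from stunnel. The byte
samples and config fragments below are constructed for this demo.
"""

import re

# TLS record content types (RFC 5246, section 6.2.1).
TLS_CONTENT_TYPES = {
    0x14: "change_cipher_spec",
    0x15: "alert",
    0x16: "handshake",
    0x17: "application_data",
}


def classify_first_bytes(data: bytes) -> str:
    """Say what the first bytes read from a connection look like."""
    if len(data) < 5:
        return "too short to classify"
    ctype, vmaj, vmin = data[0], data[1], data[2]
    if ctype in TLS_CONTENT_TYPES and vmaj == 0x03 and vmin <= 0x04:
        # A ClientHello record header usually says 0x0301 even when TLS 1.2
        # or 1.3 is negotiated; OpenSSL only insists on the 0x03 major byte.
        return f"tls {TLS_CONTENT_TYPES[ctype]} record, version 0x{vmaj:02x}{vmin:02x}"
    # MySQL packet: 3-byte little-endian payload length, 1-byte sequence id
    # (0 for the server's first packet), then protocol version 10 (0x0a).
    payload_len = int.from_bytes(data[:3], "little")
    if data[3] == 0 and data[4] == 0x0A and payload_len > 0:
        return f"mysql plaintext server greeting, payload {payload_len} bytes"
    if all(32 <= b < 127 or b in b"\r\n\t" for b in data):
        return "plaintext ascii, not a TLS record"
    return "unknown non-TLS data"


SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")


def service_roles(config_text: str) -> dict:
    """Map each [service] in a stunnel.conf fragment to 'client' or 'server'.

    stunnel originates TLS for a section only when 'client = yes' is set;
    otherwise the section accepts connections and expects a TLS ClientHello.
    """
    roles, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            roles[current] = "server"
            continue
        if current is None or "=" not in line:
            continue  # global options or junk: not role relevant
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "client":
            roles[current] = "client" if value.lower() == "yes" else "server"
    return roles


def pair_problems(host_a: dict, host_b: dict) -> list:
    """Report role combinations under which no TLS handshake can start."""
    problems = []
    seen = set(host_a.values()) | set(host_b.values())
    if "client" not in seen:
        problems.append("no service has client = yes: nobody sends a ClientHello")
    if "server" not in seen:
        problems.append("no server-mode service: nobody accepts TLS")
    return problems


# Constructed samples, not captures from the poster's hosts.
TLS_CLIENT_HELLO_HEAD = bytes.fromhex("16030100c0010000bc0303")
MYSQL_GREETING = b"\x4a\x00\x00\x00\x0a" + b"5.7.31-log\x00"  # version string is made up
CLIENT_CFG = """
socket = l:TCP_NODELAY=1
[mysql]
client = yes
accept = 127.0.0.1:3307
connect = remote_ip:3307
sslVersion = TLSv1.2
"""
MASTER_CFG = """
[mysql_server]
accept = 3307
connect = 127.0.0.1:3306
verify = 2
sslVersion = TLSv1.2
"""

if __name__ == "__main__":
    for sample in (TLS_CLIENT_HELLO_HEAD, MYSQL_GREETING, b"GET / HTTP/1.1\r\n"):
        print(sample[:8].hex(), "->", classify_first_bytes(sample))
    roles = (service_roles(CLIENT_CFG), service_roles(MASTER_CFG))
    print(roles, pair_problems(*roles) or "roles pair up")
```

The classifier is meant to be fed the first five or more bytes read on the stunnel `accept` port (for example from a throwaway listener started on a spare port while the replica attempts to connect); a MySQL greeting or other plaintext there is exactly the condition that produces "wrong version number" in SSL_accept. The role check is what a puppet-driven switchover is most likely to get wrong silently: both configs are syntactically fine, but if both hosts end up with server-mode sections, or both with `client = yes`, no TLS session can ever be established.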
