Stunnel stopped working after role switch, error: wrong version number?
There is MySQL master>slave replication configured via stunnel. After a crash the master was switched over, so replication needs to be restored. After switching roles, stunnel started giving an error:
SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Client config:
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = local6.err
[mysql]
client = yes
accept = 127.0.0.1:3307
connect = remote_ip:3307
retry = yes
sslVersion = TLSv1.2
CAfile = /var/lib/ssl/certs/ca.pem
cert = /var/lib/ssl/certs/KeyName.pem
key = /var/lib/ssl/private_keys/KeyName.pem
Master config:
pid=/var/run/stunnel4/smysql.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = local6.err
[mysql_server]
accept = 3307
connect = 127.0.0.1:3306
cert = /var/lib/ssl/certs/KeyName.pem
key = /var/lib/ssl/private_keys/KeyName.pem
CAfile = /var/lib/ssl/certs/ca.pem
CRLfile = /var/lib/ssl/crl.pem
verify = 2
sslVersion = TLSv1.2
stunnel version on server and client:
stunnel 5.39 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.1.0c 10 Nov 2016
Running with OpenSSL 1.1.1d 10 Sep 2019
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
Global options:
debug = daemon.notice
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
debug = notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
The only difference between them:
Server - Running with OpenSSL 1.1.1b 26 Feb 2019
Client - Running with OpenSSL 1.1.1d 10 Sep 2019
OS version: Debian Stretch 9.12 (server and client)
If I put everything back the way it was, the error still remains. I didn't change the certificates. I tried adding options = NO_SSLv3, options = NO_SSLv2 and sslVersion = all. Everything is rolled out by Puppet, so typos and similar mistakes are excluded. MySQL does not offer replication over SSL at the moment, and I'm not eager to restart the prod database without the ability to switch writes.
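The error quoted above comes from OpenSSL's record layer: SSL_accept reads the first 5-byte record header on the accept port and rejects it with "wrong version number" when the version bytes are not a TLS 3.x value, which is what happens when the bytes arriving on the port are not a TLS record at all. A practical first check after a role switch is therefore to look at what each side actually sends or expects on the configured ports. The following diagnostic is an added example, not part of the question or of stunnel; the host, port and sample byte strings are constructed for illustration.

```python
"""Diagnose 'wrong version number' by classifying the first bytes on a connection.

Added example (hypothetical helper, not stunnel's own code). It distinguishes a
TLS record header from a plain MySQL server greeting, so you can tell whether
the accept side of stunnel is really receiving TLS from its peer.
"""
import socket
import ssl

TLS_HANDSHAKE = 0x16           # TLS record content type: handshake
TLS_MAJOR = 0x03               # major version byte OpenSSL checks in ssl3_get_record
MYSQL_PROTOCOL_VERSION = 0x0A  # protocol version byte of the MySQL server greeting


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes seen on a TCP connection.

    A TLS record starts with type (1 byte), version (2 bytes, major 0x03) and
    length (2 bytes). A MySQL greeting starts with a 3-byte little-endian
    payload length, a sequence id of 0 and protocol version 0x0A. Anything
    else is reported as non-TLS, which is exactly the input that makes
    OpenSSL fail with 'wrong version number'.
    """
    if len(data) >= 5 and data[0] == TLS_HANDSHAKE and data[1] == TLS_MAJOR and data[2] <= 0x04:
        return "tls-record"
    if len(data) >= 5 and data[3] == 0 and data[4] == MYSQL_PROTOCOL_VERSION:
        return "mysql-greeting"
    return "not-tls"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect to host:port and report what the listener speaks.

    A plain MySQL listener sends its greeting first, so unsolicited bytes
    identify it. A TLS listener stays silent until it sees a ClientHello, so
    in that case we attempt a handshake. Certificate checks are disabled
    because only the protocol matters here; a server with verify = 2 will
    refuse the handshake for lack of a client certificate, but the failure
    reason still shows that it speaks TLS.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(1.0)
        try:
            banner = sock.recv(64)
        except socket.timeout:
            banner = b""
        if banner:
            return classify_first_bytes(banner)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "tls:" + str(tls.version())
        except ssl.SSLError as exc:
            return "tls-handshake-failed:" + (exc.reason or str(exc))


# Constructed sample inputs (not captured from the question's hosts):
SAMPLE_CLIENT_HELLO_HEADER = b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1"
SAMPLE_MYSQL_GREETING = b"\x4a\x00\x00\x00\x0a5.7.29-log\x00\x01\x00\x00\x00"
SAMPLE_HTTP_REQUEST = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for label, sample in (("client hello", SAMPLE_CLIENT_HELLO_HEADER),
                          ("mysql greeting", SAMPLE_MYSQL_GREETING),
                          ("http request", SAMPLE_HTTP_REQUEST)):
        print(f"{label:15s} -> {classify_first_bytes(sample)}")
    # Hypothetical usage against a real endpoint: probe("remote_ip", 3307)
```

Run probe() from the client host against the port in its connect line and from the master against its own accept port: if the first bytes on the accept side classify as a MySQL greeting or as not-tls, the traffic is reaching the TLS listener unwrapped, which reproduces the quoted SSL_accept error independently of certificates or the OpenSSL build.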