<![CDATA[Форум Рутокен — Настройка Stunnel 5.5 для ГИС ЖКХ]]> https://forum.rutoken.ru/topic/2952/ Thu, 21 Feb 2019 11:38:08 +0000 PunBB <![CDATA[Re: Настройка Stunnel 5.5 для ГИС ЖКХ]]> https://forum.rutoken.ru/post/12726/#p12726 Надо поменять sslVersion=TLSv1 на  текущую версию OpenSSL sslVersion=TLSv1.1

]]> Thu, 21 Feb 2019 11:38:08 +0000 https://forum.rutoken.ru/post/12726/#p12726 <![CDATA[Настройка Stunnel 5.5 для ГИС ЖКХ]]> https://forum.rutoken.ru/post/12725/#p12725 Добрый день . Скачали новую версию Stunnel 5.5  64 разр. до этой версии была версия 2016 stunnel 5.3. 32 разрядная Столкнулись со следующей проблемой
1) Когда запускается сам stunnel.exe выдается ошибка в конфигурации
Работаем  с ГИС ЖКХ.  Используем при работе ГОСТ 34.10-2001
в старом конфиге использовали 32 разрядную  pkcs11_gost.dll
Файл конфигурации

verify=2 
client=yes 

;ppak
CAFile=CA-PPAK.pem

sslVersion=TLSv1   
taskbar=yes   
DEBUG=7   
engine=pkcs11
engineCtrl=MODULE_PATH:rtpkcs11ecp.dll   
engineDefault=ALL

[pseudo-https]
engineNum = 1

;ppak
cert=client.crt 

key = 70:6c:75:67:69:6e:32:30:31:38:30:32:32:31:31:33:34:38:34:36

accept = 127.0.0.1:8777 
connect = api.dom.gosuslugi.ru:443

ciphers = GOST2001-GOST89-GOST89
TIMEOUTclose = 0


Выдает следующий лог
[ ] Running on Windows 6.2
[ ] No limit detected for the number of clients
[.] stunnel 5.50 on x64-pc-mingw32-gnu platform
[.] Compiled/running with OpenSSL 1.1.1a  20 Nov 2018
[.] Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*_errno())
[ ] GUI message loop initialized
[ ] Running on Windows 6.2
[.] Reading configuration from file stunnel.conf
[.] UTF-8 byte order mark not detected
[ ] Enabling support for engine "pkcs11"
[.] UI set for engine #1 (pkcs11)
[ ] Executing engine control command MODULE_PATH:rtpkcs11ecp.dll
[ ] Engine #1 (pkcs11) set as default for ALL
[ ] Initializing engine #1 (pkcs11)
[ ] Engine #1 (pkcs11) initialized
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [pseudo-https]
[ ] Ciphers: GOST2001-GOST89-GOST89
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Client certificate engine (pkcs11) not supported
[ ] Loading certificate from engine ID: client.crt
[!] ENGINE_ctrl_cmd: 80064064: error:80064064:pkcs11 engine:ctx_load_cert:invalid id
[ ] Initializing private key on engine ID: 70:6c:75:67:69:6e:32:30:31:38:30:32:32:31:31:33:34:38:34:36
[!] error queue: 26096080: error:26096080:engine routines:ENGINE_load_private_key:failed loading private key
[!] ENGINE_load_private_key: 80065064: error:80065064:pkcs11 engine:ctx_load_key:invalid id
[ ] Loading certificate from file: client.crt
[!] error queue: 140AB18F: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
[!] error queue: B09406F: error:0B09406F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm
[!] SSL_CTX_use_certificate_chain_file: 609E09C: error:0609E09C:digital envelope routines:pkey_set_type:unsupported algorithm
[!] Service [pseudo-https]: Failed to initialize TLS context
[ ] Deallocating section defaults

[!] Server is down

]]> Thu, 21 Feb 2019 09:51:25 +0000 https://forum.rutoken.ru/post/12725/#p12725