Reputation: 1
I have installed stunnel version stunnel-5.43.tar.gz on a Linux server. After assigning the certificate path in the stunnel.conf
file, my stunnel is not able to start due to the TLS version.
This is my stunnel.conf:
[abc]
client = yes
cert = /usr/local/etc/stunnel/cert.pem
key = /usr/local/etc/stunnel/key.pem
CAfile = /usr/local/etc/stunnel/Cert.pem
sslVersion = TLSv1.2
accept = 127.0.0.1:5001
connect = x.x.x.x:port
I am getting this error while starting stunnel:
[root@test stunnel]# stunnel
#Certification loaded here
Loading certificate from file: /usr/local/etc/stunnel/cert.pem
Certificate loaded from file: /usr/local/etc/stunnel/cert.pem
Loading private key from file: /usr/local/etc/stunnel/key.pem
Insecure file permissions on /usr/local/etc/stunnel/key.pem
#Getting here
SSL_CTX_use_PrivateKey_file: B080074: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Service [abc]: Failed to initialize TLS context
Upvotes: 0
Views: 11452
Reputation: 312
You can also use: https://github.com/square/ghostunnel
bin/ghostunnel client --listen localhost:8443 --target fixbeta-rhub.bloomberg.com:8228 --keystore keys/fixbeta-rhub.bloomberg.com.p12 --cacert keys/CACerts.pem --override-server-name=fixbeta.bloomberg.com
Upvotes: 1
Reputation: 1973
Make sure your private key file (/usr/local/etc/stunnel/key.pem) has permissions set to 600 with:
chmod 600 /usr/local/etc/stunnel/key.pem
From the stunnel manual:
The stunnel.pem file contains your key (private data) and certificate (public data). In order for stunnel to start automatically without requiring a password, the key is created without a password. This means that anyone who can read this file can compromise your SSL security. This file must be readable only by root, or the user who runs stunnel.
Upvotes: 1
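The log in the question shows two separate problems: the "Insecure file permissions" warning this answer addresses, and the "X509_check_private_key:key values mismatch" error, which means the private key in key.pem does not belong to the certificate in cert.pem. The following POSIX shell script is an added pre-flight check (not from the question, the answers or the stunnel project); it assumes openssl is on the PATH and takes the certificate and key paths as arguments.

```shell
#!/bin/sh
# Pre-flight check for an stunnel cert/key pair: does the key belong to the
# certificate (what X509_check_private_key tests), and is the key file 0600?

# SubjectPublicKeyInfo (PEM) carried inside the certificate.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# SubjectPublicKeyInfo (PEM) derived from the private key.
pubkey_of_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Returns 0 when the key matches the certificate, 1 otherwise.
keypair_matches() {
    cert_pub=$(pubkey_of_cert "$1") || return 1
    key_pub=$(pubkey_of_key "$2") || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when the file mode is exactly 600 (GNU stat, then BSD stat).
key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    [ "$mode" = "600" ]
}

# Runs both checks, prints findings, returns non-zero if anything is wrong.
stunnel_keypair_check() {
    rc=0
    if keypair_matches "$1" "$2"; then
        echo "ok: $2 matches $1"
    else
        echo "MISMATCH: $2 does not belong to $1 (stunnel reports 'key values mismatch')"
        rc=1
    fi
    if key_mode_ok "$2"; then
        echo "ok: $2 has mode 600"
    else
        echo "WARNING: $2 is not mode 600 (stunnel reports 'Insecure file permissions')"
        rc=1
    fi
    return $rc
}

# Example invocation with the paths from the question's stunnel.conf:
# stunnel_keypair_check /usr/local/etc/stunnel/cert.pem /usr/local/etc/stunnel/key.pem
```

If the script reports MISMATCH, the fix is to point `key =` at the private key that was used to generate the CSR for cert.pem (or reissue the certificate for the key you have); chmod alone will not clear that error.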