Unable to connect to stunnelled RTSP stream using VLC mediaplayer

This problem has been plaguing me for quite a while. I've set up Stunnel (v5.59) on my Windows 10 desktop. Certificates were generated with Certbot (beta1.15.0) for my internal network.

Stunnel configuration is as follows:

socket= l:TCP_NODELAY=1
socket= r:TCP_NODELAY=1
output= stunnel.log 
debug= 7 

[rtsp]
cert= fullchain1.pem
key= privkey1.pem
sslVersion= TLSv1.2 
options= NO_SSLv2
options= NO_SSLv3
accept= 443
connect= 192.168.30.1:7447 
TIMEOUTclose= 0

On starting Stunnel, the log is as follows:

2021.10.08 12:24:49 LOG6[main]: Initializing inetd mode configuration
2021.10.08 12:24:49 LOG7[main]: Running on Windows 6.2
2021.10.08 12:24:49 LOG7[main]: No limit detected for the number of clients
2021.10.08 12:24:49 LOG5[main]: stunnel 5.59 on x64-pc-mingw32-gnu platform
2021.10.08 12:24:49 LOG5[main]: Compiled/running with OpenSSL 1.1.1k  25 Mar 2021
2021.10.08 12:24:49 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2021.10.08 12:24:49 LOG7[main]: errno: (*_errno())
2021.10.08 12:24:49 LOG7[ui]: GUI message loop initialized
2021.10.08 12:24:49 LOG6[main]: Initializing inetd mode configuration
2021.10.08 12:24:49 LOG7[main]: Running on Windows 6.2
2021.10.08 12:24:49 LOG5[main]: Reading configuration from file stunnel.conf
2021.10.08 12:24:49 LOG5[main]: UTF-8 byte order mark detected
2021.10.08 12:24:49 LOG5[main]: FIPS mode disabled
2021.10.08 12:24:49 LOG6[main]: Compression enabled: 0 methods
2021.10.08 12:24:49 LOG7[main]: No PRNG seeding was required
2021.10.08 12:24:49 LOG6[main]: Initializing service [rtsp]
2021.10.08 12:24:49 LOG6[main]: stunnel default security level set: 2
2021.10.08 12:24:49 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2021.10.08 12:24:49 LOG7[main]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2021.10.08 12:24:49 LOG7[main]: TLS options: 0x02100004 (+0x02000000, -0x00000000)
2021.10.08 12:24:49 LOG6[main]: Loading certificate from file: fullchain1.pem
2021.10.08 12:24:49 LOG6[main]: Certificate loaded from file: fullchain1.pem
2021.10.08 12:24:49 LOG6[main]: Loading private key from file: privkey1.pem
2021.10.08 12:24:49 LOG6[main]: Private key loaded from file: privkey1.pem
2021.10.08 12:24:49 LOG7[main]: Private key check succeeded
2021.10.08 12:24:49 LOG6[main]: DH initialization skipped: no DH ciphersuites
2021.10.08 12:24:49 LOG7[main]: ECDH initialization
2021.10.08 12:24:49 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2021.10.08 12:24:49 LOG5[main]: Configuration successful
2021.10.08 12:24:49 LOG7[main]: Deallocating deployed section defaults
2021.10.08 12:24:49 LOG7[main]: Binding service [rtsp]
2021.10.08 12:24:49 LOG7[main]: Listening file descriptor created (FD=528)
2021.10.08 12:24:49 LOG7[main]: Setting accept socket options (FD=528)
2021.10.08 12:24:49 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2021.10.08 12:24:49 LOG6[main]: Service [rtsp] (FD=528) bound to 0.0.0.0:443
2021.10.08 12:24:49 LOG7[cron]: Cron thread initialized
2021.10.08 12:24:49 LOG6[cron]: Executing cron jobs
2021.10.08 12:24:49 LOG6[cron]: Cron jobs completed in 0 seconds
2021.10.08 12:24:49 LOG7[cron]: Waiting 86400 seconds

From a VLC mediaplayer on the same machine that's running Stunnel, I tried accessing the stunnelled RTSP stream.

2021.10.08 12:27:16 LOG7[main]: Found 1 ready file descriptor(s)
2021.10.08 12:27:16 LOG7[main]: FD=528 ifds=r-x ofds=r--
2021.10.08 12:27:16 LOG7[main]: FD=556 ifds=r-x ofds=---
2021.10.08 12:27:16 LOG7[main]: Service [rtsp] accepted (FD=848) from 192.168.30.178:55336
2021.10.08 12:27:16 LOG7[main]: Creating a new thread
2021.10.08 12:27:16 LOG7[main]: New thread created
2021.10.08 12:27:16 LOG7[0]: Service [rtsp] started
2021.10.08 12:27:16 LOG7[0]: Setting local socket options (FD=848)
2021.10.08 12:27:16 LOG7[0]: Option TCP_NODELAY set on local socket
2021.10.08 12:27:16 LOG5[0]: Service [rtsp] accepted connection from 192.168.30.178:55336
2021.10.08 12:27:16 LOG6[0]: Peer certificate not required
2021.10.08 12:27:16 LOG7[0]: TLS state (accept): before SSL initialization
2021.10.08 12:27:16 LOG3[0]: SSL_accept: ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2021.10.08 12:27:16 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2021.10.08 12:27:16 LOG7[0]: Local descriptor (FD=848) closed
2021.10.08 12:27:16 LOG7[0]: Service [rtsp] finished (0 left)

Can someone give me clues? I tried googling for "Ssl3_get_record:wrong version number", but the results aren't helpful.

I ran the following command to connect to the stunnel machine:

openssl s_client -connect <domain_of_stunnel_machine>:443 -tls1_2

Stunnel responded with logs:

2021.10.08 12:51:57 LOG7[main]: Found 1 ready file descriptor(s)
2021.10.08 12:51:57 LOG7[main]: FD=540 ifds=r-x ofds=r--
2021.10.08 12:51:57 LOG7[main]: FD=548 ifds=r-x ofds=---
2021.10.08 12:51:57 LOG7[main]: Service [rtsp] accepted (FD=868) from 192.168.30.169:53837
2021.10.08 12:51:57 LOG7[main]: Creating a new thread
2021.10.08 12:51:57 LOG7[main]: New thread created
2021.10.08 12:51:57 LOG7[0]: Service [rtsp] started
2021.10.08 12:51:57 LOG7[0]: Setting local socket options (FD=868)
2021.10.08 12:51:57 LOG7[0]: Option TCP_NODELAY set on local socket
2021.10.08 12:51:57 LOG5[0]: Service [rtsp] accepted connection from 192.168.30.169:53837
2021.10.08 12:51:57 LOG6[0]: Peer certificate not required
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): before SSL initialization
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): before SSL initialization
2021.10.08 12:51:57 LOG7[0]: Decrypt session ticket callback
2021.10.08 12:51:57 LOG7[0]: Initializing application specific data for session authenticated
2021.10.08 12:51:57 LOG7[0]: SNI: no virtual services defined
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read client hello
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write server hello
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write certificate
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write key exchange
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write server done
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write server done
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read client key exchange
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read change cipher spec
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read finished
2021.10.08 12:51:57 LOG7[0]: Generate session ticket callback
2021.10.08 12:51:57 LOG7[0]: Initializing application specific data for session authenticated
2021.10.08 12:51:57 LOG7[0]: Deallocating application specific data for session connect address
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write session ticket
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write change cipher spec
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS write finished
2021.10.08 12:51:57 LOG7[0]:      1 server accept(s) requested
2021.10.08 12:51:57 LOG7[0]:      1 server accept(s) succeeded
2021.10.08 12:51:57 LOG7[0]:      0 server renegotiation(s) requested
2021.10.08 12:51:57 LOG7[0]:      0 session reuse(s)
2021.10.08 12:51:57 LOG7[0]:      0 internal session cache item(s)
2021.10.08 12:51:57 LOG7[0]:      0 internal session cache fill-up(s)
2021.10.08 12:51:57 LOG7[0]:      0 internal session cache miss(es)
2021.10.08 12:51:57 LOG7[0]:      0 external session cache hit(s)
2021.10.08 12:51:57 LOG7[0]:      0 expired session(s) retrieved
2021.10.08 12:51:57 LOG6[0]: TLS accepted: new session negotiated
2021.10.08 12:51:57 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2021.10.08 12:51:57 LOG3[0]: SSL_get_peer_tmp_key: Peer suddenly disconnected
2021.10.08 12:51:57 LOG7[0]: Compression: null, expansion: null
2021.10.08 12:51:57 LOG6[0]: s_connect: connecting 192.168.30.1:7447
2021.10.08 12:51:57 LOG7[0]: s_connect: s_poll_wait 192.168.30.1:7447: waiting 10 seconds
2021.10.08 12:51:57 LOG7[0]: FD=868 ifds=--- ofds=r--
2021.10.08 12:51:57 LOG7[0]: FD=892 ifds=rwx ofds=---
2021.10.08 12:51:57 LOG5[0]: s_connect: connected 192.168.30.1:7447
2021.10.08 12:51:57 LOG6[0]: persistence: 192.168.30.1:7447 cached
2021.10.08 12:51:57 LOG5[0]: Service [rtsp] connected remote server from 192.168.30.178:54762
2021.10.08 12:51:57 LOG7[0]: Setting remote socket options (FD=892)
2021.10.08 12:51:57 LOG7[0]: Option TCP_NODELAY set on remote socket
2021.10.08 12:51:57 LOG7[0]: Remote descriptor (FD=892) initialized
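
An added example, not part of the original question and not stunnel project code: a small Python parser that groups stunnel debug log lines like the ones above by connection and reports how far each TLS handshake got. The sample lines are copied (abridged) from the two logs in the question; the function names and verdict strings are assumptions of this example.

```python
import re

# Lines copied (abridged) from the two stunnel debug logs in the question.
SAMPLE_LOG = """\
2021.10.08 12:27:16 LOG5[0]: Service [rtsp] accepted connection from 192.168.30.178:55336
2021.10.08 12:27:16 LOG3[0]: SSL_accept: ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2021.10.08 12:27:16 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2021.10.08 12:51:57 LOG5[0]: Service [rtsp] accepted connection from 192.168.30.169:53837
2021.10.08 12:51:57 LOG7[0]: TLS state (accept): SSLv3/TLS read client hello
2021.10.08 12:51:57 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2021.10.08 12:51:57 LOG5[0]: s_connect: connected 192.168.30.1:7447
"""

# timestamp, thread id in brackets, message
LINE = re.compile(r"^(\S+ \S+) LOG\d\[(\w+)\]: (.*)$")

def summarize(log_text):
    """Return one dict per accepted client connection, in log order."""
    sessions, open_by_thread = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, thread, msg = m.groups()
        accepted = re.match(r"Service \[(.+?)\] accepted connection from (\S+)", msg)
        if accepted:
            # stunnel reuses thread ids, so each "accepted" line opens a new session
            s = {"time": ts, "service": accepted[1], "peer": accepted[2],
                 "client_hello": False, "tls": None, "error": None, "backend": None}
            sessions.append(s)
            open_by_thread[thread] = s
            continue
        s = open_by_thread.get(thread)
        if s is None:
            continue
        suite = re.match(r"(TLSv[\d.]+) ciphersuite: (\S+)", msg)
        backend = re.match(r"s_connect: connected (\S+)", msg)
        if "read client hello" in msg:
            s["client_hello"] = True
        elif msg.startswith("SSL_accept:"):
            s["error"] = msg.rsplit(":", 1)[-1]   # OpenSSL reason string
        elif suite:
            s["tls"] = (suite[1], suite[2])
        elif backend:
            s["backend"] = backend[1]
    return sessions

def verdict(s):
    # An SSL_accept error with no ClientHello read: the peer's first bytes
    # were not parsed as a TLS record at all.
    if s["error"] and not s["client_hello"]:
        return "rejected before ClientHello: " + s["error"]
    return "TLS ok, forwarded" if s["tls"] and s["backend"] else "incomplete"
```
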