stunnel: ssl3_get_record error when using TLS 1.2

I am trying to use stunnel on localhost to serve, over HTTPS (port 443), a development web server that runs locally on port 8000.

It starts and accepts connections, but every time I open https://localhost:443, the connection is reset immediately.

According to the configuration, the certificate in question is of the TLSv1.2 type.

The command used to start stunnel:

$ sudo stunnel www.example.com.conf

Configuration file:

pid=

cert = certs/www.example.com/fullchain.pem
key = certs/www.example.com/privkey.pem
sslVersion = TLSv1.2
foreground = yes
output = log/www.example.com.log
debug = 7

[https]
accept=443
connect=8000

Output of the command:

2018.05.20 16:54:38 LOG7[ui]: Clients allowed=500
2018.05.20 16:54:38 LOG5[ui]: stunnel 5.44 on x86_64-pc-linux-gnu platform
2018.05.20 16:54:38 LOG5[ui]: Compiled/running with OpenSSL 1.1.0g  2 Nov 2017
2018.05.20 16:54:38 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2018.05.20 16:54:38 LOG7[ui]: errno: (*__errno_location ())
2018.05.20 16:54:38 LOG5[ui]: Reading configuration from file /home/helgihg/stunnel/www.example.com.conf
2018.05.20 16:54:38 LOG5[ui]: UTF-8 byte order mark not detected
2018.05.20 16:54:38 LOG5[ui]: FIPS mode disabled
2018.05.20 16:54:38 LOG7[ui]: Compression disabled
2018.05.20 16:54:38 LOG7[ui]: Snagged 64 random bytes from /home/helgihg/.rnd
2018.05.20 16:54:38 LOG7[ui]: Wrote 1024 new random bytes to /home/helgihg/.rnd
2018.05.20 16:54:38 LOG7[ui]: PRNG seeded successfully
2018.05.20 16:54:38 LOG6[ui]: Initializing service [https]
2018.05.20 16:54:38 LOG7[ui]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
2018.05.20 16:54:38 LOG7[ui]: TLS options: 0x02024004 (+0x02004000, -0x00000000)
2018.05.20 16:54:38 LOG6[ui]: Loading certificate from file: certs/www.example.com/fullchain.pem
2018.05.20 16:54:38 LOG6[ui]: Certificate loaded from file: certs/www.example.com/fullchain.pem
2018.05.20 16:54:38 LOG6[ui]: Loading private key from file: certs/www.example.com/privkey.pem
2018.05.20 16:54:38 LOG6[ui]: Private key loaded from file: certs/www.example.com/privkey.pem
2018.05.20 16:54:38 LOG7[ui]: Private key check succeeded
2018.05.20 16:54:38 LOG7[ui]: DH initialization
2018.05.20 16:54:38 LOG7[ui]: Could not load DH parameters from certs/www.example.com/fullchain.pem
2018.05.20 16:54:38 LOG6[ui]: Using dynamic DH parameters
2018.05.20 16:54:38 LOG7[ui]: ECDH initialization
2018.05.20 16:54:38 LOG7[ui]: ECDH initialized with curve prime256v1
2018.05.20 16:54:38 LOG5[ui]: Configuration successful
2018.05.20 16:54:38 LOG7[ui]: Binding service [https]
2018.05.20 16:54:38 LOG7[ui]: Listening file descriptor created (FD=7)
2018.05.20 16:54:38 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2018.05.20 16:54:38 LOG7[ui]: Service [https] (FD=7) bound to 0.0.0.0:443
2018.05.20 16:54:38 LOG7[ui]: No pid file being created
2018.05.20 16:54:38 LOG7[cron]: Cron thread initialized

Here is what happens when I access it with a browser:

2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55668
2018.05.20 16:55:20 LOG7[0]: Service [https] started
2018.05.20 16:55:20 LOG7[0]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[0]: Service [https] accepted connection from 127.0.0.1:55668
2018.05.20 16:55:20 LOG6[0]: Peer certificate not required
2018.05.20 16:55:20 LOG7[0]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[0]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[0]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[0]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55670
2018.05.20 16:55:20 LOG7[1]: Service [https] started
2018.05.20 16:55:20 LOG7[1]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[1]: Service [https] accepted connection from 127.0.0.1:55670
2018.05.20 16:55:20 LOG6[1]: Peer certificate not required
2018.05.20 16:55:20 LOG7[1]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[1]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[1]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[1]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55672
2018.05.20 16:55:20 LOG7[2]: Service [https] started
2018.05.20 16:55:20 LOG7[2]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[2]: Service [https] accepted connection from 127.0.0.1:55672
2018.05.20 16:55:20 LOG6[2]: Peer certificate not required
2018.05.20 16:55:20 LOG7[2]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[2]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[2]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[2]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55674
2018.05.20 16:55:20 LOG7[3]: Service [https] started
2018.05.20 16:55:20 LOG7[3]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[3]: Service [https] accepted connection from 127.0.0.1:55674
2018.05.20 16:55:20 LOG6[3]: Peer certificate not required
2018.05.20 16:55:20 LOG7[3]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[3]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[3]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[3]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55676
2018.05.20 16:55:20 LOG7[4]: Service [https] started
2018.05.20 16:55:20 LOG7[4]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[4]: Service [https] accepted connection from 127.0.0.1:55676
2018.05.20 16:55:20 LOG6[4]: Peer certificate not required
2018.05.20 16:55:20 LOG7[4]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[4]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[4]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[4]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55678
2018.05.20 16:55:20 LOG7[5]: Service [https] started
2018.05.20 16:55:20 LOG7[5]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[5]: Service [https] accepted connection from 127.0.0.1:55678
2018.05.20 16:55:20 LOG6[5]: Peer certificate not required
2018.05.20 16:55:20 LOG7[5]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[5]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[5]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[5]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[5]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55680
2018.05.20 16:55:20 LOG7[6]: Service [https] started
2018.05.20 16:55:20 LOG7[6]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[6]: Service [https] accepted connection from 127.0.0.1:55680
2018.05.20 16:55:20 LOG6[6]: Peer certificate not required
2018.05.20 16:55:20 LOG7[6]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[6]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[6]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[6]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55682
2018.05.20 16:55:20 LOG7[7]: Service [https] started
2018.05.20 16:55:20 LOG7[7]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[7]: Service [https] accepted connection from 127.0.0.1:55682
2018.05.20 16:55:20 LOG6[7]: Peer certificate not required
2018.05.20 16:55:20 LOG7[7]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[7]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[7]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[7]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[7]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55684
2018.05.20 16:55:20 LOG7[8]: Service [https] started
2018.05.20 16:55:20 LOG7[8]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[8]: Service [https] accepted connection from 127.0.0.1:55684
2018.05.20 16:55:20 LOG6[8]: Peer certificate not required
2018.05.20 16:55:20 LOG7[8]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[8]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[8]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[8]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[8]: Service [https] finished (0 left)
2018.05.20 16:55:20 LOG7[ui]: Found 1 ready file descriptor(s)
2018.05.20 16:55:20 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.05.20 16:55:20 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2018.05.20 16:55:20 LOG7[ui]: Service [https] accepted (FD=3) from 127.0.0.1:55686
2018.05.20 16:55:20 LOG7[9]: Service [https] started
2018.05.20 16:55:20 LOG7[9]: Option TCP_NODELAY set on local socket
2018.05.20 16:55:20 LOG5[9]: Service [https] accepted connection from 127.0.0.1:55686
2018.05.20 16:55:20 LOG6[9]: Peer certificate not required
2018.05.20 16:55:20 LOG7[9]: TLS state (accept): before SSL initialization
2018.05.20 16:55:20 LOG3[9]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request
2018.05.20 16:55:20 LOG5[9]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.05.20 16:55:20 LOG7[9]: Local descriptor (FD=3) closed
2018.05.20 16:55:20 LOG7[9]: Service [https] finished (0 left)

I suspect the problem is here:

2018.05.20 16:55:20 LOG3[9]: SSL_accept: 1408F09C: error:1408F09C:SSL routines:ssl3_get_record:http request

But I don't know why the obsolete SSLv3 protocol is involved. The configuration I used 3 years ago did use SSLv3, but this is a TLSv1.2 certificate and the configuration explicitly says TLSv3. My version of stunnel doesn't actually seem to support SSLv3, and I don't think I need it either.

That's where I'm stuck. Any help is greatly appreciated.
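
The log line in question is OpenSSL's record layer rejecting a first packet that is not a TLS record at all. The following is an added example (not code from the question, from stunnel or from OpenSSL) that unpacks the error code 1408F09C into its library/function/reason fields and applies the same first-bytes check OpenSSL performs on a server socket, so the reader can see that the connection was reset because the browser sent plaintext HTTP to the TLS port. The numeric constants are taken from OpenSSL 1.1.0's error tables (the version shown in the log) and are hard-coded here; the sample byte strings are constructed.

```python
"""Decode the stunnel/OpenSSL error from the question and classify the first
bytes of a connection the way OpenSSL's record layer does.
Added example for this page; not part of stunnel or OpenSSL."""
import re
from typing import Tuple

# OpenSSL 1.1.0 packs an error as (library << 24) | (function << 12) | reason.
# Names and values below are copied from its headers (assumed, not queried).
ERR_LIB_SSL = 20               # 0x14
SSL_F_SSL3_GET_RECORD = 143    # 0x08F: the record-layer reader for every TLS version
SSL_R_HTTP_REQUEST = 156       # 0x09C
SSL_R_HTTPS_PROXY_REQUEST = 155

# Record-layer content type of a TLS handshake record (ClientHello etc.).
TLS_HANDSHAKE = 0x16

# Log line copied from the question.
LOG_LINE = ("2018.05.20 16:55:20 LOG3[9]: SSL_accept: 1408F09C: "
            "error:1408F09C:SSL routines:ssl3_get_record:http request")

REASON_TEXT = {
    SSL_R_HTTP_REQUEST:
        "plaintext HTTP request received on the TLS port (client used http://)",
    SSL_R_HTTPS_PROXY_REQUEST:
        "HTTP CONNECT received: the client treats this port as a proxy",
}


def decode_openssl_error(code: int) -> Tuple[int, int, int]:
    """Split a packed OpenSSL error code into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def classify_first_bytes(data: bytes) -> str:
    """Mimic the check OpenSSL applies to the first packet on a server socket.

    Returns "tls" for a handshake record whose version field is 0x03xx,
    "http request" when the peer sent a plaintext HTTP request line,
    "https proxy request" for a CONNECT line, and "unknown" otherwise.
    """
    if len(data) >= 5 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls"
    # Same method prefixes OpenSSL tests before raising SSL_R_HTTP_REQUEST.
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http request"
    if data.startswith(b"CONNE"):
        return "https proxy request"
    return "unknown"


def diagnose(log_line: str) -> str:
    """Extract the 8-digit hex code from a stunnel log line and explain it."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", log_line)
    if not m:
        return "no OpenSSL error code in line"
    lib, func, reason = decode_openssl_error(int(m.group(1), 16))
    if lib == ERR_LIB_SSL and func == SSL_F_SSL3_GET_RECORD and reason in REASON_TEXT:
        return REASON_TEXT[reason]
    return f"unrecognised code lib={lib} func={func} reason={reason}"


if __name__ == "__main__":
    # Constructed samples: the start of a TLS 1.2 ClientHello record, and the
    # request a browser sends when given http:// instead of https://.
    client_hello = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"
    plain_http = b"GET / HTTP/1.1\r\nHost: localhost:443\r\n\r\n"
    print(decode_openssl_error(0x1408F09C))   # (20, 143, 156)
    print(classify_first_bytes(client_hello))  # tls
    print(classify_first_bytes(plain_http))    # http request
    print(diagnose(LOG_LINE))
```

The `ssl3_` prefix is just the name of the record-layer function, which reads records for every protocol version, so the message does not mean SSLv3 was negotiated or even offered. From the command line, `openssl s_client -connect 127.0.0.1:443 -servername www.example.com` should complete a handshake and print the certificate chain, while a plain `curl http://localhost:443/` reproduces exactly the log line above.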

Answer 1

As usual, I found the answer after posting the question. Sometimes asking seems to help.

Frankly, I don't understand the technical reason behind it, but the solution was simple: go ahead and set up my www.example.com domain in /etc/hosts and use that instead of localhost.

Like this:

127.0.0.1    www.example.com

Then https://www.example.com works fine, running from my local host.

Answer 2

Add "https://" in front of the server address and the port stunnel listens on, for example https://127.0.0.1:443. It doesn't seem to work with Google Chrome, so try Firefox (v. 65).
