[stunnel-users] exclusively TLS

Jan Meijer jan.meijer at surfnet.nl
Sat Jan 21 00:20:28 CET 2006


On Fri, 20 Jan 2006, Moehrke, John (GE Healthcare) wrote:

> It is not the list of ciphers that I want to choose from. We are indeed
> using a select set of ciphers and that seems to be working fine. My
> problem is that when stunnel connects to the server it is trying sslv3,
> and this causes an error as the server is only supporting TLS. I could
> easily be wrong...

Ah, that way.

options = SSL_options
     OpenSSL library options

     The parameter is the OpenSSL option name as described in the
     SSL_CTX_set_options(3ssl) manual, but without SSL_OP_ prefix. Several
     options can be used to specify multiple options.

     For example for compatibility with erroneous Eudora SSL implementation
     the following option can be used:

     options = DONT_INSERT_EMPTY_FRAGMENTS

Check the SSL_CTX_set_options manpage, it says -amongst other things-:

        SSL_OP_NO_SSLv2
            Do not use the SSLv2 protocol.

        SSL_OP_NO_SSLv3
            Do not use the SSLv3 protocol.

        SSL_OP_NO_TLSv1
            Do not use the TLSv1 protocol.


That ought to do the trick I'd say.

Let us know if it did :)


Jan

-- 
http://www.surfnet.nl/organisatie/jame
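
Added example (not part of the original message and not stunnel project code): a small audit that reads stunnel.conf text and reports which protocol versions each service still allows, based on the `options = NO_*` lines discussed above. The sample configuration, service names and addresses are constructed; treating `options` lines placed before the first `[service]` as defaults for every service is an assumption.

```python
import re

# stunnel option name (OpenSSL name without the SSL_OP_ prefix) -> protocol it disables
PROTOCOL_OPTIONS = {"NO_SSLv2": "SSLv2", "NO_SSLv3": "SSLv3", "NO_TLSv1": "TLSv1"}

# Constructed sample configuration (service names and addresses are made up).
SAMPLE_CONF = """\
; client-mode services talking to a TLS-only server
client = yes

[legacy-client]
accept = 127.0.0.1:8104
connect = server.example:2762
options = DONT_INSERT_EMPTY_FRAGMENTS

[tls-only-client]
accept = 127.0.0.1:8105
connect = server.example:2762
options = NO_SSLv2
options = NO_SSLv3
"""

def enabled_protocols(conf_text):
    """Return {service: set of protocols not disabled by 'options = NO_*' lines}."""
    # Assumption: 'options' lines before the first [service] apply to all services.
    global_opts, per_service, current = set(), {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # skip blank lines and comments
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
            per_service[current] = set()
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "options":
            (global_opts if current is None else per_service[current]).add(value.strip())
    every = set(PROTOCOL_OPTIONS.values())
    return {svc: every - {PROTOCOL_OPTIONS[o] for o in opts | global_opts
                          if o in PROTOCOL_OPTIONS}
            for svc, opts in per_service.items()}

def sslv3_still_allowed(conf_text):
    """List the services that have not set NO_SSLv3."""
    return sorted(s for s, p in enabled_protocols(conf_text).items() if "SSLv3" in p)

if __name__ == "__main__":
    for service, protocols in enabled_protocols(SAMPLE_CONF).items():
        print(service, sorted(protocols))
```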


