[stunnel-users] Multiple versions of TLS in config?

Rob Lockhart rlockhar at gmail.com
Tue Mar 24 18:25:10 CET 2015


Unless I'm mistaken, stunnel version 5 currently supports the options
shown below for sslVersion:

all => TLS v1.0, TLS v1.1, TLS v1.2, SSLv2, SSLv3
TLSv1 => TLS v1.0 only (not TLS v1.1, TLSv1.2, SSLv2 or SSLv3)
TLSv1.1 => TLS v1.1 only
TLSv1.2 => TLS v1.2 only

In order to support TLS v1.0, TLS v1.1 and TLS v1.2 but disable SSLv2
and SSLv3, you should have in the config file:

sslVersion = all
options = NO_SSLv2
options = NO_SSLv3

(those last two lines may be default in the new Stunnel). However,
what if I want to just have TLSv1.1 and TLSv1.2 but NOT TLSv1.0? I
last tried this with Stunnel v5.10 but nothing in the changelogs tells
me that this behavior has been changed to choose a list of protocols;
only one parameter is accepted.

Is there a way to allow TLSv1.1 and TLSv1.2 but disallow TLSv1.0?

Thanks,
 -Rob
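
The option model described in the post, as an added example that is not part of the original message: a small Python audit that computes which protocol versions an stunnel config leaves enabled. It assumes NO_TLSv1, NO_TLSv1_1 and NO_TLSv1_2 are accepted the same way as NO_SSLv2/NO_SSLv3 (they are OpenSSL SSL_OP_* option names), treats the file as a single scope, and uses constructed sample configs.

```python
# Added example (not from the original post): audit an stunnel config for the
# protocol versions it leaves enabled, using the model described in the post:
# sslVersion picks one version or "all"; each "options = NO_x" removes one.
# Assumptions: NO_TLSv1, NO_TLSv1_1 and NO_TLSv1_2 behave like NO_SSLv2 and
# NO_SSLv3 (all are OpenSSL SSL_OP_* names); the file is one scope; a missing
# sslVersion is treated as "all" for the purposes of this example.

ALL = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
NO_OPTIONS = {"NO_SSLv2": "SSLv2", "NO_SSLv3": "SSLv3", "NO_TLSv1": "TLSv1",
              "NO_TLSv1_1": "TLSv1.1", "NO_TLSv1_2": "TLSv1.2"}
LEGACY = {"SSLv2", "SSLv3", "TLSv1"}  # versions the post wants switched off


def effective_protocols(config_text, default_version="all"):
    """Return the protocol versions left enabled, oldest first."""
    version, disabled = default_version, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, [service] headers and lines without a value.
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "sslversion":
            version = value
        elif key.lower() == "options" and value in NO_OPTIONS:
            disabled.add(NO_OPTIONS[value])
    if version == "all":
        selected = list(ALL)
    elif version in ALL:
        selected = [version]
    else:
        raise ValueError("unknown sslVersion: " + version)
    return [p for p in selected if p not in disabled]


def legacy_enabled(config_text):
    """Return the enabled versions that an audit should flag."""
    return [p for p in effective_protocols(config_text) if p in LEGACY]


# Constructed sample configs: the one from the post, and the same config with
# one more NO_ option added.
POST_CONFIG = "sslVersion = all\noptions = NO_SSLv2\noptions = NO_SSLv3\n"
WANTED_CONFIG = POST_CONFIG + "options = NO_TLSv1\n"

if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("wanted", WANTED_CONFIG)):
        print(name, effective_protocols(cfg), "legacy:", legacy_enabled(cfg))
```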


