[stunnel-users] Configure Error

Thu Apr 13 22:15:31 CEST 2017

Please let me know if I am completely off.  The version of openssl we are
running is 0.9.8e-fips-rhel5 01 Jul 2008.   So if we want version  TLS1.1+
then we need to recompile the STUNNEL src with an updated version of
openssl we are running on our server.  Something higher than 0.9.8.   Is
that right ?  Is it possible to find a version that was already compiled
with a higher version of openssl ?

On Wed, Apr 12, 2017 at 5:49 PM, Rob Lockhart <rlockhar at gmail.com> wrote:

>
>
> On Wed, Apr 12, 2017 at 5:22 PM, Kenway Ng <kenwayng at gmail.com> wrote:
>
>>
>> I am trying to upgrade our version of stunnel.  Our SME left and now I am
>> trying to upgrade stunnel to fix a vulnerability .  I am being told to use
>> TLS1.1 or higher
>>
>> $ ./stunnel -version
>>
>> stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01
>> Jul 2008
>>
>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>>
>>
>>
>
> I don't have RHEL5 64-bit but these links may help:
>
> https://miteshshah.github.io/linux/centos/how-to-enable-
> openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/
>
> http://serverfault.com/questions/296765/cannot-find-ssl-libraries-when-
> configuring-stunnel
>
> These links involve re-compiling OpenSSL and Stunnel, in that order. I
> would opt for OpenSSL 1.0.2k (latest as of 20170412) since 1.0.1 and below
> are all EOL as of 12/31/2016. OpenSSL 0.9.8 supports only TLS v1.0,
> whereas OpenSSL 1.0.1 supports TLS v1.0, v1.1 and v1.2.
>
>  -Rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170413/7ae1a198/attachment.html>