<div dir="ltr"><div><div>Hello,<br><br></div>To add TLS 1.3 compatibility on Stunnel, the following patch was applied and tested.<br><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC104" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line"><br></td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC105" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">--- options.c.orig      2018-03-13 04:06:01.410477727 +0000</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC106" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+++ options.c   2018-03-13 05:42:51.883782519 +0000</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC107" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">@@ -2675,6 +2675,18 @@ NOEXPORT char *parse_service_option(CMD</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC108" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line"> #else /* defined(OPENSSL_NO_TLS1_2) */</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC109" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">             return "TLSv1.2 not supported";</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC110" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line"> #endif /* !defined(OPENSSL_NO_TLS1_2) */</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC111" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+        } else if(!strcasecmp(arg, "TLSv1.3")) {</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC112" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+#ifndef OPENSSL_NO_TLS1_3</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC113" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->client_method=(SSL_METHOD *)TLS_client_method();</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC114" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->server_method=(SSL_METHOD *)TLS_server_method();</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC115" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->ssl_options_set|= SSL_OP_NO_SSLv2;</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC116" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->ssl_options_set|= SSL_OP_NO_SSLv3;</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC117" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->ssl_options_set|= SSL_OP_NO_TLSv1;</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC118" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->ssl_options_set|= SSL_OP_NO_TLSv1_1;</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC119" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            section->ssl_options_set|= SSL_OP_NO_TLSv1_2;</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC120" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+#else /* defined(OPENSSL_NO_TLS1_3) */</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC121" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+            return "TLSv1.3 not supported";</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC122" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">+#endif</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC123" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line"> #endif /* OPENSSL_API_COMPAT<0x10100000L */</td>
      </tr>
      <tr>
        </tr></tbody></table><table class="gmail-highlight gmail-tab-size gmail-js-file-line-container"><tbody><tr><td id="gmail-file-gistfile1-txt-LC124" class="gmail-blob-code gmail-blob-code-inner gmail-js-file-line">         } else</td>
      </tr>
      <tr>
        </tr></tbody></table>             return "Incorrect version of TLS protocol";<br><br></div>Please see this link for more info about the test for TLS 1.3<br><a href="https://gist.github.com/jmutkawoa/c97f5d67ded592f6ad04389a3ade623e">https://gist.github.com/jmutkawoa/c97f5d67ded592f6ad04389a3ade623e</a> <br><div><div><br></div><div>Regards<br><br clear="all"></div><div><div><div><div><div class="gmail_signature"><div dir="ltr"><div><div><div><div><div>Nitin J Mutkawoa<br><br></div></div></div><a href="https://tunnelix.com" target="_blank">https://tunnelix.com</a><br></div><a href="https://hackers.mu" target="_blank">https://hackers.mu</a><br><br></div>Twitter: @TheTunnelix <br></div></div></div>
</div></div></div></div></div>