Hi,

Is there any way to make the sslVersion version take multiple options? I would like to restrict things to TLSv1 or SSLv3 but it seems only one option can be specified. I tried specifying this in the cipher section instead of ALL but couldn't seem to get it to work.


Also here is something a little weird I've noticed, if anyone else has ran into it before and knows what's going on. With sites set to use TLSv1, sometimes while testing a HTTPS site using Firefox SSL (when both SSLv3 and TLSv1 is enabled in Firefox) sometimes the site won't come up. It feels like Firefox is using a weird SSL version to do the SSL certificate verification but once you trust the certificate it uses the right settings. I've set sslVersion = all, and trusted the SSL certificate in Firefox, then set sslVersion = TLSv1 again and I can get to the site ok at that point. Kind of weird. I'm probably just going to have to leave sslVersion = all, but Nessus and other security scans really like things locked down to just TLSv1 or SSLv3.

stunnel: LOG5[17972:3086609296]: https-site01 accepted connection from 1.2.3.4:50878
stunnel: LOG3[17972:3086609296]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
stunnel: LOG5[17972:3086609296]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket