Hello Together,

I had been trying to use a stunnel to set PSK encrypted TLS.
Below is my conf file.

[client]
client = yes
accept = 127.0.0.1:8888
connect = 192.168.1.100:443
ciphers = PSK-AES128-CBC-SHA256
PSKsecrets = /data/dummy.txt

I can see communication, but client e.g. Stunnel from Client side offer several other cipher in addition to exact one which is expected as per conf.
I wish PSK-AES128-CBC-SHA256 (0x00ae)

But I see the list below in actual communication.

image.png

Please let me know 
1 .how we can inform stunnel to use exact and only 1 cipher provided in the conf file.
Or
2. How can we state hex id instead of string.

If I see a cipher list, with the same keyword as a part or whole there are more than 1 ciphers, I suppose this causes stunnel to take a list as per string match.

ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256

Can we make a stunnel to select only one exact cipher?