-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Hogan wrote:
2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write client hello A [cut] I have a basic (shaky) understanding that the "handshake" for TLS does downgrade to SSLv3 if newer versions of TLS fail, but I am wondering if I apply the update recommended on the firewall, will this cut the communication for the SMTP relay, the way I am using it?
The debug messages produced by stunnel can sometimes be confusing. They are intended to be helpful to developers, and not end-users. OpenSSL implements the SSL/TLS/DTLS protocols with three separate finite state machines: SSLv2, SSLv3, and DTLS1. http://en.wikipedia.org/wiki/Automata-based_programming All TLS protocols use the SSLv3 state machine, thus the state name does not reflect the actual protocol being negotiated. See the source for details: https://github.com/openssl/openssl/blob/master/ssl/ssl_stat.c Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlRREk8ACgkQ/NU+nXTHMtGLPwCgiA1tfq7LhNC600d5eVbWugLk coUAn1mGA4mWBAchUu5+d6nYfxe0isgr =p4hH -----END PGP SIGNATURE-----