Hi,
Sorry for my english.
I have a stunnel 5.00 with TLSv1.2
+-+-+-+ stunnel 5.00 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1f 6 Jan 2014 Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP errno: (*__errno_location ()) +-+-+-+
nmap --script +ssl-enum-ciphers -Pn -p PORT IP_HOST | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | compressors: | NULL | cipher preference: indeterminate | cipher preference error: Too few ciphers supported |_ least strength: A
Can you post .conf file server?
The client side app support TLSv1.2?
Regards.
El 28/5/25 a las 20:14, joverton--- via stunnel-users escribió:
I have searched online, but was unable to fine any definitive answer on the minimum version of stunnel required for TLS 1.2.
I have a client using stunnel 5.01 with our solution and they want to activate TLS 1.2. Their setup looks like this: 2014.05.15 13:38:22 LOG5[10132]: stunnel 5.01 on x86-pc-msvc-1500 platform 2014.05.15 13:38:22 LOG5[10132]: Compiled/running with OpenSSL 1.0.1g-fips 7 Apr 2014 2014.05.15 13:38:22 LOG5[10132]: Threading:WIN32 Sockets:SELECT,IPv6 SSL:ENGINE,OCSP,FIPS 2014.05.15 13:38:22 LOG5[10132]: Reading configuration from file stunnel.conf 2014.05.15 13:38:22 LOG5[10132]: FIPS mode disabled 2014.05.15 13:38:22 LOG5[10132]: Configuration successful
Everything works fine without requiring TLS 1.2, but when that is required, we get the following error: 2025.05.14 07:04:45 LOG7[3796]: SSL state (connect): before/connect initialization 2025.05.14 07:04:45 LOG7[3796]: SSL state (connect): SSLv3 write client hello A 2025.05.14 07:04:45 LOG7[3796]: SSL alert (read): fatal: protocol version 2025.05.14 07:04:45 LOG3[3796]: SSL_connect: 1409442E: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version 2025.05.14 07:04:45 LOG5[3796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2025.05.14 07:04:45 LOG7[3796]: Remote socket (FD=840) closed 2025.05.14 07:04:45 LOG7[3796]: Local socket (FD=832) closed
- Do we need to change anything in stunnel.conf?
- Do we need to upgrade stunnel?
Many Thanks, John _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]