Of course, you need to upgrade. You’re trying to use a 10-year-old version of stunnel. You’re putting yourself at risk by using such an old piece of software.
Regards, Jose
On 28/05/2025, at 1:57 PM, joverton--- via stunnel-users [email protected] wrote:
I have searched online, but was unable to find any definitive answer on the minimum version of stunnel required for TLS 1.2.
I have a client using stunnel 5.01 with our solution and they want to activate TLS 1.2. Their setup looks like this:
2014.05.15 13:38:22 LOG5[10132]: stunnel 5.01 on x86-pc-msvc-1500 platform
2014.05.15 13:38:22 LOG5[10132]: Compiled/running with OpenSSL 1.0.1g-fips 7 Apr 2014
2014.05.15 13:38:22 LOG5[10132]: Threading:WIN32 Sockets:SELECT,IPv6 SSL:ENGINE,OCSP,FIPS
2014.05.15 13:38:22 LOG5[10132]: Reading configuration from file stunnel.conf
2014.05.15 13:38:22 LOG5[10132]: FIPS mode disabled
2014.05.15 13:38:22 LOG5[10132]: Configuration successful
Everything works fine without requiring TLS 1.2, but when that is required, we get the following error:
2025.05.14 07:04:45 LOG7[3796]: SSL state (connect): before/connect initialization
2025.05.14 07:04:45 LOG7[3796]: SSL state (connect): SSLv3 write client hello A
2025.05.14 07:04:45 LOG7[3796]: SSL alert (read): fatal: protocol version
2025.05.14 07:04:45 LOG3[3796]: SSL_connect: 1409442E: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
2025.05.14 07:04:45 LOG5[3796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2025.05.14 07:04:45 LOG7[3796]: Remote socket (FD=840) closed
2025.05.14 07:04:45 LOG7[3796]: Local socket (FD=832) closed
- Do we need to change anything in stunnel.conf?
- Do we need to upgrade stunnel?
Many Thanks, John