Hello,

I am facing the below difficulties while using a stunnel for CA File as TLS Server.

-- TLS Server running in Windows

-- Use of CA File

-- Cipher use from client is: -- ciphers = ECDHE-ECDSA-AES256-GCM-SHA384

21.07.20 23:38:32 LOG7[11]: Decrypt session ticket callback
2021.07.20 23:38:32 LOG7[11]: Initializing application specific data for session authenticated
2021.07.20 23:38:32 LOG7[11]: SNI: no virtual services defined
2021.07.20 23:38:32 LOG7[11]: TLS alert (write): fatal: handshake failure
2021.07.20 23:38:32 LOG3[11]: SSL_accept: ssl/statem/statem_srvr.c:2283: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
2021.07.20 23:38:32 LOG5[11]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2021.07.20 23:38:32 LOG7[11]: Deallocating application specific data for session connect address
2021.07.20 23:38:32 LOG7[11]: Local descriptor (FD=1000) closed
2021.07.20 23:38:32 LOG7[11]: Service [Server] finished (0 left)

If this cipher is removed, this validation is passed.

Is this cipher not supported?

Stunnel version is 5.59.

Even if verifypeer is disabled, there is no gain.

Conf file:

[Server]
accept = 443
connect = 8888
sslVersion = TLSv1.2
ciphers = ECDHE-ECDSA-AES256-GCM-SHA384
verifyChain = no
;verifyPeer = no
;verify = 1
CAfile = xyz.crt
cert = xyz.crt
key = key.pem
options = NO_SSLv2
options = NO_SSLv3
debug = 7