On Thu, May 29, 2025 at 05:55:43PM +0200, Lista_-_Stunnel via stunnel-users wrote:
Hi,
Sorry for my english.
I have a stunnel 5.00 with TLSv1.2
+-+-+-+ stunnel 5.00 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1f 6 Jan 2014 Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP errno: (*__errno_location ()) +-+-+-+
This is a Linux installation; it is entirely possible that it uses the system's OpenSSL library, which may have been updated sometime in the last ten years. The original poster uses a Windows one:
2014.05.15 13:38:22 LOG5[10132]: stunnel 5.01 on x86-pc-msvc-1500 platform
AFAIK (and many apologies to the stunnel authors if this is wrong!), the Windows installer of stunnel brings its own copy of OpenSSL and some relateed libraries, so if the ones distributed with it at the time it was installed do not support TLS 1.2, that's it.
To the original poster: the bundled OpenSSL libraries are only one of the reasons stunnel installations, just like any other software, MUST be updated periodically. stunnel 5.01 is much too old, and I can think of many bugfixes and several security vulnerabilities that have been fixed in both stunnel and OpenSSL in that time. You MUST upgrade. I know it can be difficult to arrange in some production scenarios, but security-sensitive software must be kept up to date.
G'luck, Peter