[stunnel-users] exclusively TLS
jan.meijer at surfnet.nl
Sat Jan 21 00:20:28 CET 2006
On Fri, 20 Jan 2006, Moehrke, John (GE Healthcare) wrote:
> It is not the list of ciphers that I want to choose from. We are indeed
> using a select set of ciphers and that seems to be working fine. My
> problem is that when stunnel connects to the server it is trying sslv3,
> and this causes an error as the server is only supporting TLS. I could
> easily be wrong...
Ah, that way.
options = SSL_options
OpenSSL library options
The parameter is the OpenSSL option name as described in the
SSL_CTX_set_options(3ssl) manual, but without SSL_OP_ prefix. Several
options can be used to specify multiple options.
For example for compatibility with erroneous Eudora SSL implementation
the following option can be used:
options = DONT_INSERT_EMPTY_FRAGMENTS
Check the SSL_CTX_set_options manpage, it says -amongst other things-:
Do not use the SSLv2 protocol.
Do not use the SSLv3 protocol.
Do not use the TLSv1 protocol.
That ought to do the trick I'd say.
Let us know if it did :)
More information about the stunnel-users