[stunnel-users] exclusively TLS

Jan Meijer jan.meijer at surfnet.nl
Sat Jan 21 00:20:28 CET 2006

On Fri, 20 Jan 2006, Moehrke, John (GE Healthcare) wrote:

> It is not the list of ciphers that I want to choose from. We are indeed
> using a select set of ciphers and that seems to be working fine. My
> problem is that when stunnel connects to the server it is trying sslv3,
> and this causes an error as the server is only supporting TLS. I could
> easily be wrong...

Ah, that way.

options = SSL_options
     OpenSSL library options

     The parameter is the OpenSSL option name as described in the 
SSL_CTX_set_options(3ssl) manual, but without SSL_OP_ prefix. Several 
options can be used to specify multiple options.

     For example for compatibility with erroneous Eudora SSL implementation 
the following option can be used:


Check the SSL_CTX_set_options manpage, it says -amongst other things-:

            Do not use the SSLv2 protocol.

            Do not use the SSLv3 protocol.

            Do not use the TLSv1 protocol.

That ought to do the trick I'd say.

Let us know if it did :)



More information about the stunnel-users mailing list