[stunnel-users] Exchange Online - SSLv3 and Sophos UTM 120 firewall update

Michal Trojnara Michal.Trojnara at mirt.net
Wed Oct 29 17:14:07 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Hogan wrote:
> 2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write 
> client hello A
[cut]
> I have a basic (shaky) understanding that the "handshake" for TLS
> does downgrade to SSLv3 if newer versions of TLS fail, but I am
> wondering if I apply the update recommended on the firewall, will
> this cut the communication for the SMTP relay, the way I am using
> it?

The debug messages produced by stunnel can sometimes be confusing.
They are intended to be helpful to developers, and not end-users.

OpenSSL implements the SSL/TLS/DTLS protocols with three separate
finite state machines: SSLv2, SSLv3, and DTLS1.
http://en.wikipedia.org/wiki/Automata-based_programming
All TLS protocols use the SSLv3 state machine, thus the state name
does not reflect the actual protocol being negotiated.

See the source for details:
https://github.com/openssl/openssl/blob/master/ssl/ssl_stat.c

Best regards,
	Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRREk8ACgkQ/NU+nXTHMtGLPwCgiA1tfq7LhNC600d5eVbWugLk
coUAn1mGA4mWBAchUu5+d6nYfxe0isgr
=p4hH
-----END PGP SIGNATURE-----
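The distinction drawn in the reply above, as an added example that is not part of the original post and is not stunnel or OpenSSL code: the label in an "SSL state" debug line names the state machine, while the version fields inside the hello messages show what is offered and selected. The log line is the one quoted in the post; the hello records are constructed sample bytes, and the function names are hypothetical.

```python
import re
import struct

# (major, minor) version fields as they appear in hello messages on the wire.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}
STATE_LINE = re.compile(r"SSL state \(\w+\): (?P<machine>\S+) (?P<step>.+)$")

def state_machine_label(log_line):
    """Return (state machine, step) from a stunnel 'SSL state' debug line.
    The first element names OpenSSL's state machine, not the protocol in use."""
    m = STATE_LINE.search(log_line)
    if m is None:
        raise ValueError("not an 'SSL state' line")
    return m.group("machine"), m.group("step").strip()

def hello_version(record):
    """Return (message, version) from one raw handshake record.
    ClientHello holds the highest version offered, ServerHello the version
    selected. Valid for SSLv3 to TLSv1.2; TLS 1.3 moves this into the
    supported_versions extension, which is not parsed here."""
    if len(record) < 11:
        raise ValueError("too short for a hello message")
    content_type, rec_len = struct.unpack("!B2xH", record[:5])
    if content_type != 0x16 or rec_len != len(record) - 5:
        raise ValueError("not a single complete handshake record")
    msg_type, major, minor = record[5], record[9], record[10]
    if msg_type not in HELLO_TYPES:
        raise ValueError("handshake message is not a hello")
    name = VERSIONS.get((major, minor), "unknown %d.%d" % (major, minor))
    return HELLO_TYPES[msg_type], name

def sample_hello(msg_type, version, tail):
    """Build a constructed hello record (zeroed random) for the demo below."""
    body = bytes(version) + bytes(32) + tail
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake

# Log line quoted in the post; the hello records are constructed sample data.
PAGE_LINE = "2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write client hello A"
CLIENT_HELLO = sample_hello(1, (3, 3), b"\x00\x00\x02\x00\x2f\x01\x00")
SERVER_HELLO = sample_hello(2, (3, 3), b"\x00\x00\x2f\x00")

if __name__ == "__main__":
    print("log label:", state_machine_label(PAGE_LINE))
    print("offered:  ", hello_version(CLIENT_HELLO))
    print("selected: ", hello_version(SERVER_HELLO))
```
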


