[stunnel-users] Security suggestions on stunnel with SSL/TLS and SNI configuration

Secure-Mail User testrig at z1p.biz
Fri Aug 28 09:11:48 CEST 2015

Wow - great! Thank you so much for this detailed answer Mike!

> The "option" option may be specified in individual service sections,
> and not only as a global default.

> You should be able to restrict the SNI service to only allow a
> specific TLS version with "options" specified within the SNI service
> section.

Huh! Yes you are right!! It really works that way..

I was testing on ubuntu 14.04 with v5.22 self-build and the v4.53 ubuntu-repo-default. I was totally sure to have tested that.
Maybe i have messed up something with the openssl s_client connect parameters or in the stunnel config file.
Just tried it on both versions again - works fine, as you said. "options=NO_xxx" is read and works per service section - great!

Again - thank you very much for the help! :-)

Best Regards,

powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet.

More information about the stunnel-users mailing list