[stunnel-users] stunnel log shows SSLv3 protocol level even when TLSv1 was negotiated

christian.tenvenne at lhsystems.com christian.tenvenne at lhsystems.com
Tue Feb 3 16:00:02 CET 2015


I'm running stunnel in server-mode with options "NO_SSLV2" and "NO_SSLV3" and sslVersion=all.
My client also explicitly disables SSLv2 and SSLv3.

My client's ssl-log (-Djavax.net.debug=ssl) confirms that, during handshake and for application data, the highest TLS protocol version is being used.

How come, stunnel log still shows "SSLv3" ?

2015.02.03 14:42:46 LOG5[8415:140561397376768]: ldaps-in accepted connection from X.X.X.X:65158
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): before/accept initialization
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client hello A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server hello A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write certificate A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server done A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client key exchange A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read finished A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write change cipher spec A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write finished A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    9 items in the session cache
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client connects (SSL_connect())
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client connects that finished
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client renegotiations requested
2015.02.03 14:42:46 LOG7[8415:140561397376768]:   12 server connects (SSL_accept())
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    9 server connects that finished
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 server renegotiations requested
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache hits
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 external session cache hits
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache misses
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache timeouts
2015.02.03 14:42:46 LOG6[8415:140561397376768]: SSL accepted: new session negotiated
2015.02.03 14:42:46 LOG6[8415:140561397376768]: Negotiated ciphers: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

Is my client's ssl-log wrong? Or stunnel's?


Kind regards,
Christian Tenvenne

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150203/5538582a/attachment.html>


More information about the stunnel-users mailing list