[stunnel-users] stunnel log shows SSLv3 protocol level even when TLSv1 was negotiated

Jochen Bern Jochen.Bern at LINworks.de
Tue Feb 3 16:18:18 CET 2015


On 02/03/2015 04:00 PM, christian.tenvenne at lhsystems.com wrote:
> My client's ssl-log (-Djavax.net.debug=ssl) confirms that, during
> handshake and for application data, the highest TLS protocol
> version is being used.
> 
> How come, stunnel log still shows "SSLv3" ?

The protocols etc. that happen "under the hood" haven't been redefined
*completely from scratch* for TLS, so "old" names reappear when you dig
into the details. OpenSSL talks about "SSLv3" when making a TLS 1.2
connection, too:

> $ ( sleep 1 ; echo "HEAD / HTTP/1.0" ; echo "" ; sleep 2 ) | \
> > openssl s_client -connect www.nec-store.de:443 -tls1_2 -state 2>&1 \
> > | egrep '(SSL|TLS)v'
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server key exchange A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read server session ticket A
> SSL_connect:SSLv3 read finished A
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>     Protocol  : TLSv1.2

Regards,
								J. Bern
-- 
*NEW* - NEC IT infrastructure products at <http://www.linworks-shop.de/>:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, Systems Engineer --- LINworks GmbH <http://www.LINworks.de/>
P.O. Box 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Switchboard -0, Fax -299 - Darmstadt District Court HRB 85202
Registered office Weiterstadt, Managing Directors Metin Dogan, Oliver Michel
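
Added example (not part of the original message, and not stunnel or OpenSSL code): a small shell filter for `openssl s_client -state` output that keeps the state-trace lines, whose "SSLv3" is only a label, apart from the summary line that reports the negotiated version. The function names and the abridged sample, built from the output quoted above, are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample, abridged from the s_client output quoted in the post.
SAMPLE='SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2'

# Print the negotiated version from the "Protocol : ..." summary line.
# Exit status 1 if the input has no such line.
negotiated_protocol() {
  awk '/^[ \t]*Protocol[ \t]*:/ {
         sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); p = $0
       }
       END { if (p == "") exit 1; print p }'
}

# Count state-trace lines; their "SSLv3" is a label, not the version in use.
state_trace_lines() {
  awk '/^SSL_(connect|accept):/ { n++ } END { print n + 0 }'
}

# Rank protocol names so they can be compared; unknown names rank 0.
proto_rank() {
  case "$1" in
    SSLv2) echo 1 ;; SSLv3) echo 2 ;; TLSv1) echo 3 ;;
    TLSv1.1) echo 4 ;; TLSv1.2) echo 5 ;; TLSv1.3) echo 6 ;;
    *) echo 0 ;;
  esac
}

# Succeed if the negotiated protocol on stdin is at least $1.
# Returns 2 when $1 is unknown or no Protocol line was found.
meets_minimum() {
  min=$(proto_rank "$1")
  [ "$min" -gt 0 ] || return 2
  got=$(negotiated_protocol) || return 2
  [ "$(proto_rank "$got")" -ge "$min" ]
}

printf '%s\n' "$SAMPLE" | negotiated_protocol
printf '%s\n' "$SAMPLE" | state_trace_lines
```

In a monitoring check, pipe live `openssl s_client -state` output into `meets_minimum TLSv1.2` and alert on a non-zero exit status.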