[stunnel-users] Configuring stunnel and openssl on Windows to support TLS 1.2

Liz Turi lturi at maehc.org
Tue Jun 13 17:03:42 CEST 2017


Issue resolved. I was overthinking it, once I used cert=/path/to/file.p12, and let stunnel prompt for password, it all worked.

Liz Turi
Sr. Consultant
Massachusetts eHealth Collaborative
860 Winter Street, Waltham, MA 02451
(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589
www.maehc.org<http://www.maehc.org>
[fb_icon]<https://www.facebook.com/massachusettsehealthcollab?fref=nf>[li_icon]<https://www.linkedin.com/company/massachusetts-ehealth-collaborative?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1432746657126%2Ctas%3AMassachusetts+eHEalth>[tw_icon]<https://twitter.com/MAeHC_org>

From: Liz Turi
Sent: Tuesday, June 13, 2017 8:40 AM
To: 'stunnel-users at stunnel.org' <stunnel-users at stunnel.org>
Subject: Configuring stunnel and openssl on Windows to support TLS 1.2

Good morning,

I'm hoping you can help point me in the right direction. The problem I'm trying to solve is enabling TLS 1.2 connections on a Windows (environment has both Windows 2008 and Windows 10 environments) platform. Currently, my private keys are managed by the Windows certificate store, using the capi engineId within stunnel (v 5.41), which uses OpenSSL 1.0.1. Because of this, stunnel can only negotiate a TLS 1.1 connection.

I've tried compiling OpenSSL 1.1.0f and stunnel 5.41, but no luck either cross compiling under CentOS, nor under Windows using either MSYS2/MINGW32 or Cygwin.

What I'm looking for is any one of the following


1)      solid current cross-compiling examples or references

2)      solid current Windows compiling examples or references using extant versions

3)      a way to manage the pfx/p12 (private key) in stunnel without resorting to the Windows certificate store.


Option 3 is preferred. I see how to manage pkcs11, but not pkcs12.

Thank you in advance!


Liz Turi
Sr. Consultant
Massachusetts eHealth Collaborative
860 Winter Street, Waltham, MA 02451
(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589
www.maehc.org<http://www.maehc.org>
[fb_icon]<https://www.facebook.com/massachusettsehealthcollab?fref=nf>[li_icon]<https://www.linkedin.com/company/massachusetts-ehealth-collaborative?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1432746657126%2Ctas%3AMassachusetts+eHEalth>[tw_icon]<https://twitter.com/MAeHC_org>


CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally privileged and confidential information intended only for the use of the addressee named above. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution or copying of this email transmission is strictly prohibited. If you have received this email transmission in error, please notify us immediately. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 3321 bytes
Desc: image004.png
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 3226 bytes
Desc: image005.png
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 3335 bytes
Desc: image006.png
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 3321 bytes
Desc: image007.png
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 3226 bytes
Desc: image008.png
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 3335 bytes
Desc: image009.png
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170613/28c1ae9c/attachment-0005.png>


More information about the stunnel-users mailing list