[stunnel-users] basic usage question

Mark Foley mfoley at novatec-inc.com
Thu Mar 15 01:11:28 CET 2018


My OpenSSL does appear to support TLSv1.  Running 'openssl ciphers -v TLSv1'
does return a list of ciphers whereas 'openssl ciphers -v TLSv1.3' gives me a "no
cipher match" error, so I don't think the TLS1.3 patch is going to solve my
problem.  Why am I not able to run stunnel specifying "sslVersion = TLSv1"? The
error I got was:

2018.03.13 13:22:03 LOG3[0]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

My configs:

SERVER:

foreground = yes
pid = /var/run/stunnel.pid
debug = 7
; output = /root/stunnel.log
output = /dev/stdout
sslVersion = TLSv1
[x11vnc]
accept = 3389
key = /root/privatekey.pem
cert = /root/certificate.pem
connect = 127.0.0.1:5900


CLIENT:

foreground = yes
verify = 2
pid = /home/mfoley/.stunnel/stunnel.pid
CAfile = /home/mfoley/.stunnel/certificate.pem
client = yes
sslVersion = TLSv1

[x11vnc]
accept = 5900
connect = serverhost.org:1914

Not trying to be a maillist pest ...

--Mark
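
An added example, not part of the original thread or of stunnel/OpenSSL: the error above names OpenSSL's SSL23_GET_SERVER_HELLO routine, which reports "unknown protocol" when the first bytes of the peer's reply are not an SSL/TLS ServerHello or alert record. The sketch below approximates that check so a captured reply can be classified; the function names and the sample byte strings are constructed for illustration.

```python
# Added example: approximates the reply check behind "unknown protocol".
# Names and sample replies are constructed, not taken from the thread.
TLS_HANDSHAKE, TLS_ALERT = 0x16, 0x15
SERVER_HELLO = 0x02
MINOR_NAMES = {0: "SSLv3", 1: "TLSv1", 2: "TLSv1.1", 3: "TLSv1.2"}


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a peer sends back after a ClientHello."""
    if len(data) < 7:
        return "short read (%d bytes)" % len(data)
    # SSLv2 ServerHello: high bit set in the length byte, message type 4
    if data[0] & 0x80 and data[2] == 0x04:
        return "SSLv2 ServerHello"
    rec_type, major, minor = data[0], data[1], data[2]
    if major == 3 and minor in MINOR_NAMES:
        if rec_type == TLS_HANDSHAKE and data[5] == SERVER_HELLO:
            return "%s record, ServerHello" % MINOR_NAMES[minor]
        if rec_type == TLS_ALERT and data[3:5] == b"\x00\x02":
            return "%s record, alert" % MINOR_NAMES[minor]
    # Anything else is what the client reports as "unknown protocol"
    return "unknown protocol: " + guess_plaintext(data)


def guess_plaintext(data: bytes) -> str:
    """Name a few cleartext banners that can show up instead of TLS."""
    if data.startswith(b"RFB "):
        return "VNC (RFB) banner, port is not TLS-wrapped"
    if data.startswith(b"HTTP/"):
        return "HTTP response"
    if data.startswith(b"SSH-"):
        return "SSH banner"
    return "unrecognised bytes %r" % data[:7]


# Constructed sample replies (first bytes only)
SAMPLES = {
    "tls1_server_hello": bytes.fromhex("160301004a0200004603015aa9"),
    "tls1_alert": bytes.fromhex("15030100020228"),
    "rfb_banner": b"RFB 003.008\n",
    "http": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print("%-18s %s" % (name, classify_reply(raw)))
```
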

-----Original Message-----
From: Mark Foley <mfoley at novatec-inc.com>
Date: Wed, 14 Mar 2018 11:09:56 -0400
Organization: Novatec Software Engineering, LLC
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] basic usage question

Nitin - sorry, I didn't realize this was a response to my message and I sent a
followup message before reading this one.

I have your patch in a previous message. I'm not familiar with "patching". Can
you give me quickie instructions on doing that, or refer me to a link that
explains it? I assume I need to patch the source code, right? If so, I have
stunnel version 5.35. Do I need to apply this patch to a more recent version?

Are there any other sslVersions stunnel supports?

Thanks --Mark

-----Original Message-----
On Tue, 13 Mar 2018 22:21:24 +0400 Nitin Mutkawoa <jmutkawoa at hackers.mu> wrote:
>
> hello
>
> Sorry, I was not clear enough in my previous mail.
> The patch allows you to specify TLS 1.3 in the configuration file and do a
> TLS 1.3 only.
>
> regards
>
> Nitin J Mutkawoa
>
> https://tunnelix.com
> https://hackers.mu
>
> Twitter: @TheTunnelix
>
> On Tue, Mar 13, 2018 at 3:13 PM, Małgorzata Olszówka <
> Malgorzata.Olszowka at stunnel.org> wrote:
>
> >> I'm also working on TLS 1.3 compatibility with Stunnel. I will reach the
> >> mailing list as soon as possible with a tested patch.
> >>
> >
> > Hello Nitin,
> > Could you specify what problem you have with TLS 1.3?
> > It works for me:
> >
> > 2018.03.13 11:39:06 LOG5[ui]: stunnel 5.44 on x86_64-unknown-linux-gnu
> > platform
> > 2018.03.13 11:39:06 LOG5[ui]: Compiled/running with OpenSSL
> > 1.1.1-pre2-dev  xx XXX xxxx
> > …
> > 2018.03.13 11:39:23 LOG6[0]: Negotiated TLSv1.3 ciphersuite
> > TLS13-AES-256-GCM-SHA384 (256-bit encryption)
> >
> >
> > Regards,
> > Małgorzata
> > _______________________________________________
> > stunnel-users mailing list
> > stunnel-users at stunnel.org
> > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> >