[stunnel-users] Allowing only TLS 1.2 and 1.3

Jorge Bastos mysql.jorge at decimal.pt
Sat Aug 1 22:34:48 CEST 2020


Hi, 

Thank you,
In fact it works. The diagnostic tool I was using has an error;
confirmed instead with nmap.

Thanks! 

On 2020-07-30 10:32, STOSSE Florian (SAFRAN AEROSYSTEMS) wrote:

> Hello all, 
> 
> I currently use the following parameters to achieve exactly the same objective: 
> 
> sslVersionMin = TLSv1.2 
> 
> sslVersionMax = TLSv1.3 
> 
> In fact, here is my full tls.conf file: 
> 
> ; TLS Configuration file
> sslVersionMin = TLSv1.2
> sslVersionMax = TLSv1.3
> ciphersuites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
> ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
> curves = X25519:P-256:X448:P-521:P-384
> options = NO_COMPRESSION
> options = NO_TICKET
> 
> Nothing fancy, and it works as expected. Maybe you are overriding your parameters somewhere else?
> 
> Best regards, 
> 
> Florian Stosse 
> 
> Information security engineer 
> 
> Safran Electronics & Defense | Safran Data Systems | Space & Communication 
> 
> Phone: +33 1 69 82 79 43 * Mobile : +33 6 48 11 16 12 
> 
> Safran Data Systems 
> 
> 5, avenue des Andes - CS 90101 
> 
> 91978 Courtaboeuf Cedex, France 
> 
> www.safran-electronics-defense.com 
> 
> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On behalf of Jorge Bastos
> Sent: Thursday, July 30, 2020 10:17
> To: Thomas Eifert
> Cc: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Allowing only TLS 1.2 and 1.3
> 
> Howdy, 
> 
> ; Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled
> ;           with OpenSSL 1.1.0 or later.
> 
> sslVersionMin = TLSv1.2 
> 
> Produced no effect, OpenSSL is 1.1.1g
> 
> Any idea?
> 
> On 2020-07-30 0:54, Thomas Eifert wrote: 
> 
> P.S.
> 
> There's also an sslVersionMax if you feel you need it.
> 
> On 7/29/2020 5:20 PM, Jorge Bastos wrote: 
> 
> Howdy, 
> 
> I've been trying to configure stunnel to provide only TLS 1.2 and 1.3, but no success.
> I have the configuration below, what could I be doing wrong?
> 
> Thanks in advance,
> 
> sslVersion = all
> options    = NO_SSLv2
> options    = NO_SSLv3
> options    = NO_TLSv1
> options    = NO_TLSv1.1 
> 
> _______________________________________________
> 
> stunnel-users mailing list
> 
> stunnel-users at stunnel.org
> 
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

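Added example, not part of the original thread or of the stunnel project: a small Python check for the "overriding your parameters somewhere else" case raised above. It merges the global defaults with each [service] section and reports the effective sslVersionMin per service; the service names, ports and the TLSv1.2 floor are assumptions, and the input is assumed to be the already merged configuration text.

```python
import re

# Weakest first; "all" means the lowest version the linked OpenSSL supports.
ORDER = ["all", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = re.compile(r"NO_(SSLv[23]|TLSv1(\.[123])?)", re.I)

def parse(text):
    """Return {section: [(key, value), ...]}; "" is the global section."""
    sections, current = {"": []}, ""
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line and not line.startswith((";", "#")):
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key.lower(), value))
    return sections

def audit(text, floor="TLSv1.2"):
    """Return {service: (effective sslVersionMin, [findings])}."""
    sections, report = parse(text), {}
    defaults = sections.pop("")
    for name, opts in sections.items():
        vmin, findings = None, []
        for scope, pairs in (("global", defaults), (name, opts)):
            for key, value in pairs:
                if key == "sslversionmin":
                    if vmin not in (None, value):  # a later line replaces an earlier one
                        findings.append(f"[{scope}] overrides sslVersionMin {vmin} -> {value}")
                    vmin = value
                elif key == "options" and LEGACY.fullmatch(value):
                    findings.append(f"[{scope}] legacy 'options = {value}'; use sslVersionMin/Max")
        if vmin not in ORDER or ORDER.index(vmin) < ORDER.index(floor):
            findings.append(f"effective sslVersionMin is {vmin or 'unset'}, want >= {floor}")
        report[name] = (vmin, findings)
    return report

# Constructed sample: global lines as in the thread, services and ports invented.
SAMPLE = """\
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.3
[imaps]
accept = 993
[legacy-smtp]
accept = 465
sslVersionMin = TLSv1
options = NO_SSLv3
"""
```

Calling audit(SAMPLE) returns no findings for imaps and three for legacy-smtp; a handshake test against the listening port (nmap, as used in the thread) remains the confirmation of what the running service actually offers.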