[stunnel-users] CAPI_GET_KEY:cryptacquirecontext error

Michael S. Chusovitin tchuss at gmail.com
Wed Jun 3 12:21:40 CEST 2020


 No luck. The downloaded stunnel 5.56 behaves exactly as 5.48 - it
logs  "CAPI_GET_KEY:cryptacquirecontext
error" or "CAPI_CTX_SET_PROVNAME:cryptacquirecontext error" (depending on
selected csp_name and csp_type)
*.*
Did anyone succeed in getting stunnel+capi work for TLS 1.2 ?
Maybe some OpenSSL configuration commands could help... But I cannot
imagine what.
And I did see "You also need to disable TLS 1.2 or later because the
CryptoAPI engine currently does not support PSS" phrase in sample
stunnel.conf - isn't it an obsolete restriction?

Thanks in advance,
Michael

On Wed, Jun 3, 2020 at 12:13 AM Jose Alf. <josealf at rocketmail.com> wrote:

> Hi Michael,
>
> See below:
>
> On Tuesday, June 2, 2020, 10:42:30 AM GMT-5, Michael S. Chusovitin <
> tchuss at gmail.com> wrote:
>
>
> > Stunnel version is 5.48 with OpenSSL 1.0.2o-fips. (in this very case I
> need to use 32bit version, so no possibility to upgrade).
>
> Actually, you can upgrade your Windows 32-bit stunnel. Either, you compile
> your own, or you can get the latest from here:
>
>
> https://github.com/josealf/stunnel-win32/blob/master/stunnel-testing-win32-5.56-ossl-1.1.1g-installer.exe
>
> Regards,
> Jose
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200603/dc232be6/attachment.htm>


More information about the stunnel-users mailing list