[stunnel-users] CAPI_GET_KEY:cryptacquirecontext error

Jose Alf. josealf at rocketmail.com
Wed Jun 3 13:59:57 CEST 2020


 Michael,
Answers below:

   >On Wednesday, June 3, 2020, 05:22:19 AM GMT-5, Michael S. Chusovitin <tchuss at gmail.com> wrote:  
 
 >No luck. The downloaded stunnel 5.56 behaves exactly as 5.48 - it logs "CAPI_GET_KEY:cryptacquirecontext error" or >"CAPI_CTX_SET_PROVNAME:cryptacquirecontext error" (depending on selected csp_name and csp_type).
>Did anyone succeed in getting stunnel+capi work for TLS 1.2 ?
Unlikely. Maybe with OpenSSL 1.0. See below.
>Maybe some OpenSSL configuration commands could help... But I cannot imagine what.>And I did see "You also need to disable TLS 1.2 or later because the CryptoAPI engine currently does not support PSS" phrase in sample >stunnel.conf - isn't it an obsolete restriction?

No. It is a restriction in OpenSSL 1.1.x that won't be fixed. See https://github.com/openssl/openssl/issues/8872
However, in the thread it seems the CAPI engine in OpenSSL 1.0.x works with TLS 1.2... So, Maybe an stunnel compiled against the deprecated OpenSSL 1.0.2 could give better results in your case...
Regards,Jose

On Wed, Jun 3, 2020 at 12:13 AM Jose Alf. <josealf at rocketmail.com> wrote:

 Hi Michael,
See below:
    On Tuesday, June 2, 2020, 10:42:30 AM GMT-5, Michael S. Chusovitin <tchuss at gmail.com> wrote:  
 
> Stunnel version is 5.48 with OpenSSL 1.0.2o-fips. (in this very case I need to use 32bit version, so no possibility to upgrade).

Actually, you can upgrade your Windows 32-bit stunnel. Either, you compile your own, or you can get the latest from here:
josealf/stunnel-win32

| 
| 
| 
|  |  |

 |

 |
| 
|  | 
josealf/stunnel-win32

Binaries for Stunnel for Win32. Contribute to josealf/stunnel-win32 development by creating an account on GitHub.
 |

 |

 |




Regards,Jose  
_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200603/d3465f6e/attachment.htm>


More information about the stunnel-users mailing list