Maybe Debian removed support for SSLv3 in it's OpenSSL libraries. This protocol is now obsolete and should not be used. Is that is the case, you will need to compile your own OpenSSL with SSLv3 enabled.
Anyway, you should ask in a Debian forum. Regards, Jose > El 6 may 2016, a las 4:16, Francois Pires <[email protected]> > escribió: > > Hi all, > > We need use of sslv3 but with debian Jessie package version 5.06 this is > not working. > > I have add options -NO_SSLv3 still same. > > Can you check if my configuration is good and if you have any idea to > have sslv3 working with this verison. > > > # stunnel.conf > > syslog = no > > cert = /etc/ssl/certs/test.crt.pem > key = /etc/ssl/private/test.key.pem > CAfile = /etc/ssl/certs/test.ca-bundle > > # Protocol version (all, SSLv2, SSLv3, TLSv1) > sslVersion = all > options = -NO_SSLv3 > ciphers = AES256-SHA > #ciphers = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL > > # Some debugging stuff useful for troubleshooting > debug = 7 > output = /stunnel.log > > # Debian and Ubuntu chroot config > chroot = /var/lib/stunnel4/ > setuid = stunnel4 > setgid = stunnel4 > pid = /stunnel4.pid > > # Some performance tunings > socket = l:TCP_NODELAY=1 > socket = r:TCP_NODELAY=1 > socket = l:SO_KEEPALIVE=1 > socket = r:SO_KEEPALIVE=1 > > [test] > accept = 11443 > connect = 127.0.0.1:11444 > > > > # stunnel log with openssl test > SSL_accept: 14076102: error:14076102:SSL > routines:SSL23_GET_CLIENT_HELLO:unsupported protocol > > openssl s_client -connect 127.0.0.1:11443 -ssl3 > CONNECTED(00000003) > write:errno=104 > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : SSLv3 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1462525363 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > > -- > Cordialement, > > François PIRES > SysAdmin > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
