My OpenSSL does appear to support TLSv1. Running 'openssl ciphers -v TLSv1' does return a list of ciphers whereas 'openssl ciphers -v TLSv1.3' gives me a "no cipher match" error, so I don't think the TLS1.3 patch is going to solve my problem. Why am I not able to run stunnel specifying "sslVersion = TLSv1"? The error I got was:

2018.03.13 13:22:03 LOG3[0]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

My configs:

SERVER:

foreground = yes
pid = /var/run/stunnel.pid
debug = 7
; output = /root/stunnel.log
output = /dev/stdout
sslVersion = TLSv1

[x11vnc]
accept = 3389
key = /root/privatekey.pem
cert = /root/certificate.pem
connect = 127.0.0.1:5900

CLIENT:

foreground = yes
verify = 2
pid = /home/mfoley/.stunnel/stunnel.pid
CAfile = /home/mfoley/.stunnel/certificate.pem
client = yes
sslVersion = TLSv1

[x11vnc]
accept = 5900
connect = serverhost.org:1914

Not trying to be a maillist pest ...

--Mark

-----Original Message-----
From: Mark Foley <[email protected]>
Date: Wed, 14 Mar 2018 11:09:56 -0400
Organization: Novatec Software Engineering, LLC
To: [email protected]
Subject: Re: [stunnel-users] basic usage question

Nitin - sorry, I didn't realize this was a response to my message and I sent a followup message before reading this one.

I have your patch in a previous message. I'm not familiar with "patching". Can you give me quickie instructions on doing that, or refer me to a link that explains it? I assume I need to patch the source code, right? If so, I have stunnel version 5.35. Do I need to apply this patch to a more recent version?

Are there any other sslVersions stunnel supports?

Thanks --Mark

-----Original Message-----
On Tue, 13 Mar 2018 22:21:24 +0400 Nitin Mutkawoa <[email protected]> wrote:
>
> hello
>
> Sorry, I was not clear enough in my previous mail.
> The patch allows you to specify TLS 1.3 in the configuration file and do a
> TLS 1.3 only.
>
> regards
>
> Nitin J Mutkawoa
>
> https://tunnelix.com
> https://hackers.mu
>
> Twitter: @TheTunnelix
>
> On Tue, Mar 13, 2018 at 3:13 PM, Małgorzata Olszówka <
> [email protected]> wrote:
>
> >> I'm also working on TLS 1.3 compatibility with Stunnel. I will reach the
> >> mailing list as soon as possible with a tested patch.
> >>
> >
> > Hello Nitin,
> > Could you specify what problem do you have with TLS 1.3.
> > It works for me:
> >
> > 2018.03.13 11:39:06 LOG5[ui]: stunnel 5.44 on x86_64-unknown-linux-gnu
> > platform
> > 2018.03.13 11:39:06 LOG5[ui]: Compiled/running with OpenSSL
> > 1.1.1-pre2-dev xx XXX xxxx
> > …
> > 2018.03.13 11:39:23 LOG6[0]: Negotiated TLSv1.3 ciphersuite
> > TLS13-AES-256-GCM-SHA384 (256-bit encryption)
> >
> >
> > Regards,
> > Małgorzata
> > _______________________________________________
> > stunnel-users mailing list
> > [email protected]
> > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> >
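
A diagnostic aid for the `SSL23_GET_SERVER_HELLO:unknown protocol` error quoted in the thread, added here as an example and not written by any of the posters or by the stunnel project: OpenSSL raises this error when the reply to its ClientHello does not parse as a ServerHello or alert record, so classifying the first bytes the peer sends shows whether the port reached speaks TLS at all. The function name, the banner list and every sample byte string are constructed for illustration; nothing here establishes the cause in the case discussed above.

```python
import struct

# TLS record content types, and the minor-version byte that follows major 0x03.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {0x00: "SSLv3", 0x01: "TLSv1", 0x02: "TLSv1.1",
            0x03: "TLSv1.2", 0x04: "TLSv1.3"}
MAX_RECORD_LEN = 16384 + 2048  # largest ciphertext fragment TLS 1.2 allows

# Plaintext greetings a non-TLS service may send (x11vnc speaks RFB).
BANNERS = {b"RFB ": "VNC (RFB) banner", b"SSH-": "SSH banner",
           b"HTTP/": "HTTP response"}


def classify_first_bytes(data: bytes):
    """Return (is_tls, description) for the first bytes received from a peer."""
    if not data:
        return (False, "nothing received")
    if len(data) >= 5:
        # Record header: 1-byte type, 2-byte version, 2-byte length.
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype in CONTENT_TYPES and major == 0x03
                and minor in VERSIONS and 0 < length <= MAX_RECORD_LEN):
            kind = CONTENT_TYPES[ctype]
            # Handshake message type 0x02 is ServerHello.
            if ctype == 0x16 and len(data) > 5 and data[5] == 0x02:
                kind = "handshake (ServerHello)"
            return (True, f"{kind} record, version {VERSIONS[minor]}")
    for prefix, name in BANNERS.items():
        if data.startswith(prefix):
            return (False, name)
    return (False, "unrecognised, not a TLS record")


# Constructed sample inputs (not captured from the systems in the thread).
SAMPLES = {
    "server_hello": bytes.fromhex("160301004a020000460301"),
    "fatal_alert": bytes.fromhex("15030100020228"),
    "vnc_banner": b"RFB 003.008\n",
    "ssh_banner": b"SSH-2.0-OpenSSH_7.4\r\n",
    "short_read": b"\x16\x03",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify_first_bytes(raw)}")
```

A non-TLS classification for the bytes arriving on the client's `connect` address means the connection is not terminating at a TLS listener, which is a routing or port question rather than an `sslVersion` one.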
