Thank you Jose. Disappointing but useful to know... Regards, Michael
On Wed, Jun 3, 2020 at 3:00 PM Jose Alf. <[email protected]> wrote: > Michael, > > Answers below: > > > >On Wednesday, June 3, 2020, 05:22:19 AM GMT-5, Michael S. Chusovitin < > [email protected]> wrote: > > > >No luck. The downloaded stunnel 5.56 behaves exactly as 5.48 - it logs > >"CAPI_GET_KEY:cryptacquirecontext > error" or >"CAPI_CTX_SET_PROVNAME:cryptacquirecontext error" (depending > on selected csp_name and csp_type) > *.* > >Did anyone succeed in getting stunnel+capi work for TLS 1.2 ? > > Unlikely. Maybe with OpenSSL 1.0. See below. > > >Maybe some OpenSSL configuration commands could help... But I cannot > imagine what. > >And I did see "You also need to disable TLS 1.2 or later because the > CryptoAPI engine currently does not support PSS" phrase in sample > >stunnel.conf - isn't it an obsolete restriction? > > > No. It is a restriction in OpenSSL 1.1.x that won't be fixed. See > https://github.com/openssl/openssl/issues/8872 > > However, in the thread it seems the CAPI engine in OpenSSL 1.0.x works > with TLS 1.2... So, Maybe an stunnel compiled against the deprecated > OpenSSL 1.0.2 could give better results in your case... > > Regards, > Jose > > > On Wed, Jun 3, 2020 at 12:13 AM Jose Alf. <[email protected]> wrote: > > Hi Michael, > > See below: > > On Tuesday, June 2, 2020, 10:42:30 AM GMT-5, Michael S. Chusovitin < > [email protected]> wrote: > > > > Stunnel version is 5.48 with OpenSSL 1.0.2o-fips. (in this very case I > need to use 32bit version, so no possibility to upgrade). > > Actually, you can upgrade your Windows 32-bit stunnel. Either, you compile > your own, or you can get the latest from here: > > josealf/stunnel-win32 > <https://github.com/josealf/stunnel-win32/blob/master/stunnel-testing-win32-5.56-ossl-1.1.1g-installer.exe> > > josealf/stunnel-win32 > > Binaries for Stunnel for Win32. Contribute to josealf/stunnel-win32 > development by creating an account on GitHub. > > <https://github.com/josealf/stunnel-win32/blob/master/stunnel-testing-win32-5.56-ossl-1.1.1g-installer.exe> > > > > Regards, > Jose > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
