Hello all,
I currently use the following parameters to achieve exactly the same objective: sslVersionMin = TLSv1.2 sslVersionMax = TLSv1.3 In fact, here is my full tls.conf file: ; TLS Configuration file sslVersionMin = TLSv1.2 sslVersionMax = TLSv1.3 ciphersuites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384 curves = X25519:P-256:X448:P-521:P-384 options = NO_COMPRESSION options = NO_TICKET Nothing fancy, and it works as expected. Maybe you are overriding your parameters somewhere else ? Best regards, Florian Stosse Information security engineer Safran Electronics & Defense | Safran Data Systems | Space & Communication Phone: +33 1 69 82 79 43 • Mobile : +33 6 48 11 16 12 Safran Data Systems 5, avenue des Andes - CS 90101 91978 Courtaboeuf Cedex, France www.safran-electronics-defense.com De : stunnel-users [mailto:[email protected]] De la part de Jorge Bastos Envoyé : jeudi 30 juillet 2020 10:17 À : Thomas Eifert Cc : [email protected] Objet : Re: [stunnel-users] Allowing only TLS 1.2 and 1.3 Howdy, ; Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled ; with OpenSSL 1.1.0 or later. sslVersionMin = TLSv1.2 Produced no efect, openssl is 1.1.1g any idea? On 2020-07-30 0:54, Thomas Eifert wrote: P.S. There's also an sslVersionMax if you feel you need it. On 7/29/2020 5:20 PM, Jorge Bastos wrote: Howdy, I've been trying to configure stunnel to provide only TLS 1.2 and 1.3, but no sucess. I have the configuration bellow, what could i be doing wrong? Thanks in advanced, sslVersion = all options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1 _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users -- Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately. _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users # " Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés." ****** " This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system." #
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
