Jeremy,
Does imtest have support for the ciphers that you want to use?
If you increase the stunnel log level you should see more details about
the TLS handshake.
My guess is that imtest does not support the newest cipher that you are using.
Have you tested with openssl s_client?
Cheers-----------------
Leandro Avila
On Friday, December 5, 2014 8:32 AM, Jérémy WILLIAME <[email protected]>
wrote:
>
>
>Hi,
>
>I want to use stunnel with TLSv1.2 ciphers but it doesn't work.
>I use stunnel 5.07 compiled from source with prefix /opt/stunnel and
lastest openssl (1.0.1j)
>
>This is my main configuration file:
>
>chroot = /opt/stunnel/var/lib/stunnel/
>pid = /stunnel4.pid
>cert = /opt/stunnel/etc/blabla/bla.pem
>key = /opt/stunnel/etc/blabla/bla.key
>ciphers = ECDHE-ECDSA-AES256-GCM-SHA384
>options = NO_SSLv2
>[imaps]
>accept = 993
>connect = 143
>
>I had to use one of this ciphers:
>ECDHE-ECDSA-AES256-GCM-SHA384
>ECDHE-ECDSA-AES256-SHA384
>DHE-RSA-AES256-GCM-SHA384
>
>When i tried to use imaps connection over stunnel :
>root@bla: imtest -a homer -w homer -p 993 -s localhost
>SSL_connect error 0
>SSL session removed
>failure: TLS negotiation failed
>
>if i use a SSLv3 cipher it works.
>root@bla: imtest -a homer -w homer -p 993 -s
localhost
>verify error:num=18:self signed certificate
>TLS connection established: TLSv1 with cipher DHE-RSA-AES128-SHA
(128/128 bits)
>
>
>Someone have any idea ?
>Thanks.
>Jeremy
>
>_______________________________________________
>stunnel-users mailing list
>[email protected]
>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
>
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
