I'm running stunnel in server-mode with options "NO_SSLV2" and "NO_SSLV3" and 
sslVersion=all.
My client also explicitly disables SSLv2 and SSLv3.

My client's ssl-log (-Djavax.net.debug=ssl) confirms that, during handshake and 
for application data, the highest TLS protocol version is being used.

How come the stunnel log still shows "SSLv3"?

2015.02.03 14:42:46 LOG5[8415:140561397376768]: ldaps-in accepted connection from X.X.X.X:65158
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): before/accept initialization
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client hello A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server hello A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write certificate A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server done A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client key exchange A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read finished A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write change cipher spec A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write finished A
2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    9 items in the session cache
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client connects (SSL_connect())
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client connects that finished
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client renegotiations requested
2015.02.03 14:42:46 LOG7[8415:140561397376768]:   12 server connects (SSL_accept())
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    9 server connects that finished
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 server renegotiations requested
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache hits
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 external session cache hits
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache misses
2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache timeouts
2015.02.03 14:42:46 LOG6[8415:140561397376768]: SSL accepted: new session negotiated
2015.02.03 14:42:46 LOG6[8415:140561397376768]: Negotiated ciphers: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

Is my client's ssl-log wrong? Or stunnel's?


Kind regards,
Christian Tenvenne

_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
