On Wed, Jul 8, 2015 at 7:56 AM, Madhava Gaikwad (madgaikw) <[email protected]> wrote:

> I am using stunnel 5.03 version. I want to understand how the config options "sslVersion" and "options" work.
> The problem I am trying to solve is: I want to enable say only particular ssl connect methods, for example sslv3 and TLS1.2. I am not able to do it.
>
> For me if I do below setting:
>
> Options = all
> Option = NO_SSLv2
> Option = NO_SSLv3
> Option = NO_TLSv1
> Option = NO_TLSv1.1
> Option = NO_TLSv1.2
>
> Still I see all methods are being enabled. I removed Option = all, but no effect. What is expected behavior?
>
> Also, the sslVersion seems to enable either a particular sslversion, or else all the versions. So wondering what can be the escape mechanism. Any help will be highly appreciated.

I cannot comment on such an old version of Stunnel (5.03 - Version 5.03, 2014.08.07 - nearly a year old!! from https://www.stunnel.org/sdf_ChangeLog.html history). You really should update your Stunnel and OpenSSL version, especially if you're using the insecure OpenSSL versions.

I asked a similar question in the past, and Mike said that the above should work for allowing multiple versions. Try this, from https://www.stunnel.org/static/stunnel.html man page:

sslVersion = all
options = NO_SSLv2
options = NO_TLSv1
options = NO_TLSv1.1

That should only allow SSLv3 and TLSv1.2 and disallow the other three above. I did test this (i.e., enabling the ones "turned off" in the client) and it does indeed work.

See what Mike said at the following URL: http://www.stunnel.org/pipermail/stunnel-users/2015-March/004985.html

Be sure that you're looking in the right place... there's "enabled by software" and then "enabled by configuration"... the config can limit the software.

NOTE: The old posts can be searched here: http://www.stunnel.org/pipermail/stunnel-users/

-Rob
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
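
An offline check of the configuration suggested in the reply, added here as an example and not taken from the thread or from stunnel: it models only the rule the reply describes (`sslVersion = all` enables every protocol, each `options = NO_<protocol>` line removes one) and compares the result with the intended set. The function names, the exact-case key matching and the treatment of a missing `sslVersion` as `all` are assumptions of this model, not stunnel's own parsing.

```python
# Added example: a model of the rule described in the reply, not stunnel's parser.
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")

# Configuration lines quoted from the reply above.
REPLY_CONF = """\
sslVersion = all
options = NO_SSLv2
options = NO_TLSv1
options = NO_TLSv1.1
"""
WANTED = {"SSLv3", "TLSv1.2"}  # the goal stated in the original question

def effective_protocols(conf_text):
    """Model one service's settings; return (enabled set, warnings)."""
    base, disabled, warnings = None, set(), []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("["):
            continue  # blank line, comment, or [service] header
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            warnings.append(f"line {lineno}: not a key = value pair")
        elif key == "sslVersion":
            if value == "all":
                base = set(ALL_PROTOCOLS)
            elif value in ALL_PROTOCOLS:
                base = {value}  # a single named version
            else:
                warnings.append(f"line {lineno}: sslVersion {value!r} not modelled")
        elif key == "options":
            if value.startswith("NO_") and value[3:] in ALL_PROTOCOLS:
                disabled.add(value[3:])
            else:
                warnings.append(f"line {lineno}: options {value!r} is not NO_<protocol>")
        else:
            warnings.append(f"line {lineno}: key {key!r} ignored by this model")
    if base is None:  # assumption of this model, labelled in the warning
        warnings.append("sslVersion not set; this model assumes 'all'")
        base = set(ALL_PROTOCOLS)
    return base - disabled, warnings

def audit(conf_text, wanted):
    """Compare the modelled protocol set with the intended one."""
    enabled, warnings = effective_protocols(conf_text)
    return {"enabled": sorted(enabled), "unexpected": sorted(enabled - wanted),
            "missing": sorted(wanted - enabled), "warnings": warnings}

if __name__ == "__main__":
    print(audit(REPLY_CONF, WANTED))
```

The result describes what the configuration asks for; which protocols the installed stunnel and OpenSSL builds can actually negotiate is the separate "enabled by software" question the reply mentions.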
