Hello,
I noticed the following logs:
2017.01.31 18:24:27 LOG3[0]: error queue: 14099006: error:14099006:SSL routines:ssl3_send_client_verify:EVP lib
2017.01.31 18:24:27 LOG3[0]: SSL_connect: 80070063: error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object
The capi ENGINE in OpenSSL 1.0.2 and earlier uses the CSP attached
to the key for cryptographic operations. Unfortunately this means that
SHA2 algorithms are not supported for client authentication.
OpenSSL 1.1.0 adds a workaround for this issue. If you disable TLS 1.2
in earlier versions of OpenSSL it will not use SHA2 for client auth so
that will also work.
So try to set the global option:
sslVersion = TLSv1.1
Regards.
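
Added example, not part of the original message: a small Python triage helper that decodes the packed OpenSSL error codes in the log lines above and flags the capi client-authentication failure described in the reply. The function names and the sample constant are assumptions made for this example; the bit layout is the lib/func/reason packing used by OpenSSL 1.0.x and 1.1.x.

```python
import re

# Constructed sample: the two log entries quoted in the message, unwrapped.
SAMPLE_LOG = """\
2017.01.31 18:24:27 LOG3[0]: error queue: 14099006: error:14099006:SSL routines:ssl3_send_client_verify:EVP lib
2017.01.31 18:24:27 LOG3[0]: SSL_connect: 80070063: error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object
"""

# OpenSSL error string layout: error:<8 hex digits>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def unpack(code):
    """Split a packed error code into (lib, func, reason).

    OpenSSL 1.0.x/1.1.x layout: 8 bits library, 12 bits function, 12 bits reason.
    """
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_errors(log_text):
    """Return one dict per OpenSSL error string found in the log text."""
    found = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        lib, func, reason = unpack(int(m.group(1), 16))
        found.append({
            "lib": lib, "func": func, "reason": reason,
            "lib_name": m.group(2), "func_name": m.group(3),
            "reason_text": m.group(4).strip(),
        })
    return found


def is_capi_hash_failure(errors):
    """True when the client CertificateVerify step failed inside the capi
    ENGINE's RSA signing routine (the pair of errors shown in the message)."""
    funcs = {e["func_name"] for e in errors}
    return "ssl3_send_client_verify" in funcs and "CAPI_RSA_SIGN" in funcs


if __name__ == "__main__":
    errors = parse_errors(SAMPLE_LOG)
    for e in errors:
        print(e)
    print("capi client-auth hash failure:", is_capi_hash_failure(errors))
```

The decoded library number 128 in the second entry matches the "lib(128)" that OpenSSL printed because no library name was registered for that id.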