Le 04/03/2019 à 16:14, Yan Renelt a écrit : > Hi, Hi, > my config is > cert = stunnel.pem > socket = l:TCP_NODELAY=1 > socket = r:TCP_NODELAY=1 > debug = 7 > > fips = yes > > [Demo-Trading] > client = yes > accept = 127.0.0.1:40001 > connect = fix-order.london-demo.lmax.com:443 > sslVersion = TLSv1 Why do you use this one ? Isn't it better to use TLSv1.2 min.?
> options = NO_SSLv2 > options = NO_SSLv3 > > [Demo ñ Market Data] > client = yes > accept = 127.0.0.1:40003 > connect = fix-marketdata.london-demo.lmax.com:443 > sslVersion = TLSv1 > options = NO_SSLv2 > options = NO_SSLv3 > > > and I still receiving this error. > > FIPS_mode_set: F06D065: error:0F06D065:common libcrypto > routines:FIPS_mode_set:fips mode not supported > > Any suggestions? Fips = no is not an option for me. > > > Thanks > > Yan Witch OS ? Do you use `debug = 7` ? Some informations in ? On openBSD (for ex.), `rcctl -d start stunnel` could give you some useful informations. There is a sample of mine (client = no) : debug = 7 output = stunnel.log sslVersion = TLSv1.2 options = CIPHER_SERVER_PREFERENCE ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384 curve = secp384r1 Regards, -- mlrx _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
