<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
Hi Michal,<br>
<br>
Thanks for making that a lot clearer!<br>
<br>
You remind me of my college days (and nights!) when referring to finite state machines - I have a very good working knowledge of these as well! ;)
<div><br>
</div>
<div>That's very good news... so I presume the line:<br>
</div>
<div><br>
</div>
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;">
<div><span style="font-family: 'Courier New', monospace; font-size: 16px; background-color: rgb(255, 255, 0);">2014.10.28 14:35:55 LOG6[4156]: Negotiated TLSv1 ciphersuite ECDHE-RSA-AES256-SHA (256-bit encryption)</span></div>
</blockquote>
<div><br>
</div>
<div>... is the confirmation that the TLS protocol is being used?<br>
</div>
<div><br>
<br>
(Apologies for my delayed response - I was out of the office yesterday.)<br>
</div>
<div><br>
<br>
<strong>Regards,</strong><br>
<strong>Stephen</strong><br>
<br>
________________________________________<br>
From: stunnel-users <stunnel-users-bounces@stunnel.org> on behalf of Michal Trojnara <Michal.Trojnara@mirt.net><br>
Sent: 29 October 2014 16:14<br>
To: stunnel-users@stunnel.org<br>
Subject: Re: [stunnel-users] Exchange Online - SSLv3 and Sophos UTM 120 firewall update<br>
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Stephen Hogan wrote:<br>
> 2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write<br>
> client hello A<br>
[cut]<br>
> I have a basic (shaky) understanding that the "handshake" for TLS<br>
> does downgrade to SSLv3 if newer versions of TLS fail, but I am<br>
> wondering if I apply the update recommended on the firewall, will<br>
> this cut the communication for the SMTP relay, the way I am using<br>
> it?<br>
<br>
The debug messages produced by stunnel can sometimes be confusing.<br>
They are intended to be helpful to developers, and not end-users.<br>
<br>
OpenSSL implements the SSL/TLS/DTLS protocols with three separate<br>
finite state machines: SSLv2, SSLv3, and DTLS1.<br>
<a href="http://en.wikipedia.org/wiki/Automata-based_programming" target="_blank">http://en.wikipedia.org/wiki/Automata-based_programming</a><br>
All TLS protocols use the SSLv3 state machine, thus the state name<br>
does not reflect the actual protocol being negotiated.<br>
<br>
See the source for details:<br>
<a href="https://github.com/openssl/openssl/blob/master/ssl/ssl_stat.c" target="_blank">https://github.com/openssl/openssl/blob/master/ssl/ssl_stat.c</a><br>
<br>
Best regards,<br>
Mike<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1<br>
<br>
iEYEARECAAYFAlRREk8ACgkQ/NU+nXTHMtGLPwCgiA1tfq7LhNC600d5eVbWugLk<br>
coUAn1mGA4mWBAchUu5+d6nYfxe0isgr<br>
=p4hH<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
stunnel-users mailing list<br>
stunnel-users@stunnel.org<br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br>
______________________________________________________________________<br>
This email has been scanned by the Symantec Email Security.cloud service.<br>
For more information please visit <a href="http://www.symanteccloud.com" target="_blank">
http://www.symanteccloud.com</a><br>
______________________________________________________________________<br>
</div>
<br>
<br>
<hr>
<span style="font-family:"Arial","sans-serif"">
<p><img src="http://dl.dropbox.com/u/16175691/Mila_Logo_RGB_Strapline_EmailSig.png" alt="Mila Logo" align="left">
<span style="font-size:10.0pt">Stephen Hogan </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">System Administrator </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">Mila Limited </span><br>
<span style="font-size:10.0pt">Kilbarrack Industrial Estate, Kilbarrack, Dublin 5, IRELAND
</span><br>
<span style="font-size:10.0pt">Tel: +353 (0)1 839 0402 </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">Fax: +353 (0)1 839 0589 </span><br>
<span style="font-size:10.0pt">Email: shogan@mila.ie </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">Web: www.mila.ie </span><br>
<br>
<span style="font-size:8.0pt">Company Reg. No. 143406. Registered address: 24/26 City Quay, Dublin 2, Ireland.
</span><br clear="all">
<br>
<br>
<span style="font-size:8.0pt"><strong>DISCLAIMER:</strong> This email and any files transmitted with it are confidential and intended solely for the attention and use of the individual or entity to whom they are addressed. No copyright or other intellectual
rights to any material attached to this email, either inline or as an attachment are transferred to the recipient unless explicitly stated. If you have received this email in error please reply to inform us accordingly, prior to deleting the message.
</span><br>
<br>
</p>
</span>
</body>
</html>