<div dir="ltr">
<div>No luck. The downloaded stunnel 5.56 behaves exactly as 5.48 - it logsĀ
"<span lang="EN-US">CAPI_GET_KEY:cryptacquirecontext error"</span>
or "<span lang="EN-US">CAPI_CTX_SET_PROVNAME:cryptacquirecontext error"<b> </b>(depending on selected csp_name and csp_type)<b>.<br></b></span></div><div>Did anyone succeed in getting stunnel+capi work for TLS 1.2 ?</div><div>Maybe some OpenSSL configuration commands could help... But I cannot imagine what.</div><div>And I did see "You also need to disable TLS 1.2 or later because the CryptoAPI engine currently does not support PSS" phrase in sample stunnel.conf - isn't it an obsolete restriction?</div><div><br></div><div>Thanks in advance,</div><div>Michael</div>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 3, 2020 at 12:13 AM Jose Alf. <<a href="mailto:josealf@rocketmail.com">josealf@rocketmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif;font-size:13px"><div></div>
<div dir="ltr">Hi Michael,</div><div dir="ltr"><br></div><div dir="ltr">See below:</div><div><br></div>
</div><div id="gmail-m_-2866598122373902680ydp9381a55byahoo_quoted_1895285137">
<div style="font-size:13px;color:rgb(38,40,42)">
<div style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif">
On Tuesday, June 2, 2020, 10:42:30 AM GMT-5, Michael S. Chusovitin <<a href="mailto:tchuss@gmail.com" target="_blank">tchuss@gmail.com</a>> wrote:
</div>
<div style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif"><br></div>
<div style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif"><br></div><div><div id="gmail-m_-2866598122373902680ydp9381a55byiv0229049510"><div dir="ltr"><div><div style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif"><span lang="EN-US">> Stunnel version is 5.48 with OpenSSL 1.0.2o-fips. (in this very case I need to use 32bit version, so no possibility to upgrade).<br></span></div><div style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif"><span lang="EN-US"><br></span></div><div dir="ltr"><span lang="EN-US">Actually, you can upgrade your Windows 32-bit stunnel. Either, you compile your own, or you can get the latest from here:</span></div><div dir="ltr"><span lang="EN-US"><br></span></div><div dir="ltr"><div><div><a href="https://github.com/josealf/stunnel-win32/blob/master/stunnel-testing-win32-5.56-ossl-1.1.1g-installer.exe" target="_blank">https://github.com/josealf/stunnel-win32/blob/master/stunnel-testing-win32-5.56-ossl-1.1.1g-installer.exe</a></div><div><br></div></div></div><div dir="ltr" style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif">Regards,</div><div dir="ltr" style="font-family:Helvetica Neue,Helvetica,Arial,sans-serif">Jose</div></div></div></div></div>
</div>
</div></div></blockquote></div>