Is it just me, or does stunnel not seem to obey the ssl 'options'
setting in the config file? I have the lines:
options = TLS_ROLLBACK_BUG
options = NO_TLSv1
options = NO_SSLv3
And when I start stunnel, the output is:
2004.12.20 07:47:46 LOG7[9981:1024]: Configuration SSL options: 0x06800000
2004.12.20 07:47:46 LOG7[9981:1024]: SSL options set: 0x06800000
So all looks well and good... But then when it sends the client hello
message, one would expect an ssl2 message, but we get the following
output:
2004.12.20 07:47:51 LOG7[9984:1026]: SSL state (connect): SSLv3 write client hello A
2004.12.20 07:47:51 LOG7[9984:1026]: waitforsocket: FD=10, DIR=read
2004.12.20 07:47:51 LOG7[9984:1026]: waitforsocket: ok
2004.12.20 07:47:51 LOG7[9984:1026]: SSL alert (write): fatal: handshake failure
2004.12.20 07:47:51 LOG3[9984:1026]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
That first line seems to indicate that it's still sending a v3
message. Is this actually what's happening?