Hi,
Is there any way to make the sslVersion version take multiple options? I
would like to restrict things to TLSv1 or SSLv3 but it seems only one option
can be specified. I tried specifying this in the cipher section instead of
ALL but couldn't seem to get it to work.

Also here is something a little weird I've noticed, if anyone else has run
into it before and knows what's going on. With sites set to use TLSv1,
sometimes while testing a HTTPS site using Firefox SSL (when both SSLv3 and
TLSv1 are enabled in Firefox) sometimes the site won't come up. It feels like
Firefox is using a weird SSL version to do the SSL certificate verification
but once you trust the certificate it uses the right settings. I've set
sslVersion = all, and trusted the SSL certificate in Firefox, then set
sslVersion = TLSv1 again and I can get to the site ok at that point. Kind of
weird. I'm probably just going to have to leave sslVersion = all, but Nessus
and other security scans really like things locked down to just TLSv1 or
SSLv3.

stunnel: LOG5[17972:3086609296]: https-site01 accepted connection from 1.2.3.4:50878
stunnel: LOG3[17972:3086609296]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
stunnel: LOG5[17972:3086609296]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket