Unless I'm mistaken, stunnel version 5 currently supports the options
shown below for sslVersion:
all => TLS v1.0, TLS v1.1, TLS v1.2, SSLv2, SSLv3
TLSv1 => TLS v1.0 only (not TLS v1.1, TLSv1.2, SSLv2 or SSLv3)
TLSv1.1 => TLS v1.1 only
TLSv1.2 => TLS v1.2 only
In order to support TLS v1.0, TLS v1.1 and TLS v1.2 but disable SSLv2
and SSLv3, you should have in the config file:
sslVersion = all
options = NO_SSLv2
options = NO_SSLv3
(those last two lines may be default in the new Stunnel). However,
what if I want to just have TLSv1.1 and TLSv1.2 but NOT TLSv1.0? I
last tried this with Stunnel v5.10 but nothing in the changelogs tells
me that this behavior has been changed to choose a list of protocols;
only one parameter is accepted.
Is there a way to allow TLSv1.1 and TLSv1.2 but disallow TLSv1.0?
Thanks,
-Rob