Classification: Restricted


Hi Duncan,

 

Thank you for your email.

 

The parameters we have set up in the stunnel config are as follows:
(also we are using stunnel version 5.67)

; Certificate/key is needed in server mode and optional in client mode
cert = ARB03.pem
key = ARB03.pem

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
options = NO_SSLv3

sslVersion = TLSv1.3
ciphersuites = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA25

 

 

the version of OpenSSL is

 

 

 

However, when we reboot the server and check the stunnel log – we receive a fatal error, as the ciphers are not recognised

2024.06.10 15:00:34 LOG7[8]: TLS alert (write): fatal: internal error
2024.06.10 15:00:34 LOG3[8]: SSL_connect: ssl/statem/statem_clnt.c:3745: error:0A0000B5:SSL routines::no ciphers available

Any ideas?

 

Thank you

Danny
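
Added example, not part of any message in this thread and not stunnel code: a small lint for the configuration posted above. The two names supplied by Euroclear are IANA names of TLS 1.2 cipher suites, which OpenSSL spells differently and which stunnel takes in its `ciphers` option, while `ciphersuites` accepts only TLS 1.3 names. The function names and the mapping table are constructed for this example.

```python
# Added example (not stunnel code): flag names in "ciphersuites" that are
# not TLS 1.3 ciphersuites, as in the configuration posted in this thread.

# The five ciphersuites defined for TLS 1.3 (RFC 8446, appendix B.4).
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
                "TLS_AES_128_CCM_8_SHA256"}

# IANA name -> OpenSSL name for the two TLS 1.2 suites named in the thread.
TLS12_IANA_TO_OPENSSL = {
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
}

# Options as posted in the thread (the second name is cut short there).
POSTED = """\
sslVersion = TLSv1.3
ciphersuites = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA25
"""

def parse_options(text):
    """Return (key, value) pairs, skipping ';' comments and [service] lines."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith((";", "[")):
            pairs.append((key.strip(), value.strip()))
    return pairs

def lint(text):
    """Return (name, advice) findings for one stunnel config text."""
    opts = parse_options(text)
    findings = []
    for key, value in opts:
        if key != "ciphersuites":
            continue
        for name in filter(None, value.split(":")):
            if name in TLS13_SUITES:
                continue
            fixed = TLS12_IANA_TO_OPENSSL.get(name)
            findings.append((name, f"TLS 1.2 suite, set: ciphers = {fixed}"
                             if fixed else "not a TLS 1.3 ciphersuite name"))
    if findings and ("sslVersion", "TLSv1.3") in opts:
        findings.append(("sslVersion", "TLSv1.3 excludes TLS 1.2 suites"))
    return findings

if __name__ == "__main__":
    for name, advice in lint(POSTED):
        print(f"{name}: {advice}")
```

A configuration that uses `sslVersion = TLSv1.2` with the OpenSSL names in `ciphers` produces no findings from this lint.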

 

 

From: Duncan Morris <Duncan.Morris@cdl.co.uk>
Sent: Monday, 10 June 2024 14:44
To: Glick, Daniel <DanielGlick@arbuthnot.co.uk>; stunnel-users@stunnel.org
Subject: RE: help required with stunnel cipher set up

 



Hi,

 

Have you updated the stunnel config file with your ciphersuites choices?

 

From: https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS

 

ciphersuites = CIPHERSUITES_LIST

select permitted TLSv1.3 ciphersuites

A colon-delimited list of TLSv1.3 ciphersuites names in order of preference.

This option requires OpenSSL 1.1.1 or later.

default: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256

Regards,

 

Duncan Morris

OpenVMS Consultant Engineer

CDL

www.cdl.co.uk

 

Advanced Notice of Annual Leave: 18th-28th July 2024, 24th Aug–4th September 2024

 

T: +44 (0)161 480 4420 

T: +44 (0)161 475 4111

F: +44 (0)161 480 4415

M: +44 (0)7872 526049

 

 


From: Glick, Daniel <DanielGlick@arbuthnot.co.uk>
Sent: Monday, June 10, 2024 11:28 AM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] help required with stunnel cipher set up

 


 

Dear All,

 

Objective :

 

We have been informed by Euroclear that we must use the following ciphers below with our stunnel connection to them

 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

 

 

Server details :

 

 

The required cipher has been defined as being the first in the list.

 

Information security has confirmed that the cipher has been enabled

 

 

 

However after rebooting the server and starting stunnel – the old ciphers are still being used

 

 

Please can anyone point us in the right direction as to what we are doing wrong.

 

Thank you

 

Daniel Glick 

Application Specialist, Investment Management & Finance Platform

Arbuthnot Latham & Co., Limited

 

 

 

 

 

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete it from your system.

Internet communications are not secure and therefore Arbuthnot Latham & Co., Limited does not accept legal responsibility for the contents of this message or any damage sustained as a result of this email or its attachments. Any views or opinions presented are solely those of the author and do not necessarily represent those of Arbuthnot Latham & Co., Limited or any of its affiliates.

Please take some time to read our Privacy Notice, which provides information on what personal data we collect from you, what we do with it and who it might be shared with.

Registered in England and Wales No. 819519. Arbuthnot Latham & Co., Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Arbuthnot Latham & Co., Limited is on the Financial Services Register under Firm Reference Number 143336.

Arbuthnot Latham & Co., Limited
Arbuthnot House
7 Wilson Street
London
EC2M 2SN

Tel : +44 (0)20 7012 2500
www.arbuthnotlatham.co.uk




This email is intended only for the person(s) named above and may contain private and confidential information. If it has come to you in error, please destroy and permanently delete any copy in your possession, and contact us on +44 (0)161 480 4420. The information in this email is copyright © CDL Group Holdings Limited. We cannot accept liability for any loss or damage sustained as a result of software viruses. It is your responsibility to carry out such virus checking as is necessary before opening any attachment.

Cheshire Datasystems Limited uses software which automatically screens incoming emails for inappropriate content and attachments. If the software identifies such content or attachment, the email will be forwarded to our Technology department for checking. You should be aware that any email that you send to Cheshire Datasystems Limited is subject to this procedure.


Cheshire Datasystems Limited, Strata House, Kings Reach Road, Stockport, SK4 2HD
Registered in England and Wales with company number 3991057
VAT registration: 727 1188 33
