Classification: Restricted
Hi Duncan,
Thank you for your email.
The parameters we have set up in the stunnel config are as follows :
(also we are using stunnel version 5.67)
; Certificate/key is needed in server mode and optional in client mode
cert = ARB03.pem
key = ARB03.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
options = NO_SSLv3
sslVersion = TLSv1.3
ciphersuites = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA25
the version of OpenSSL is
However when we reboot the server and check the stunnel log – we receive a fatal error, as the ciphers are not recognised
2024.06.10 15:00:34 LOG7[8]: TLS alert (write): fatal: internal error
2024.06.10 15:00:34 LOG3[8]: SSL_connect: ssl/statem/statem_clnt.c:3745: error:0A0000B5:SSL routines::no ciphers available
Any ideas
Thank you
Danny
From: Duncan
Morris <Duncan.Morris@cdl.co.uk>
Sent: Monday, 10 June 2024 14:44
To: Glick, Daniel <DanielGlick@arbuthnot.co.uk>; stunnel-users@stunnel.org
Subject: RE: help required with stunnel cipher set up
Classification: Restricted
This message originated from outside your organization
Hi,
Have you updated the stunnel config file with your ciphersuites choices?
From:
https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS
ciphersuites =
CIPHERSUITES_LIST
select permitted TLSv1.3 ciphersuites
A colon-delimited list of TLSv1.3 ciphersuites names in order of preference.
This option requires OpenSSL 1.1.1 or later.
default: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
Regards,
Duncan Morris
OpenVMS Consultant Engineer
CDL
Advanced Notice of Annual Leave: 18th-28th July 2024
24th
Aug–4th September 2024
T: +44 (0)161 480 4420
T: +44 (0)161 475 4111
F: +44 (0)161 480 4415
M: +44 (0)7872 526049
CDL - EXTERNAL
From:
Glick, Daniel <DanielGlick@arbuthnot.co.uk>
Sent: Monday, June 10, 2024 11:28 AM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] help required with stunnel cipher set up
You don't often get email from
danielglick@arbuthnot.co.uk.
Learn why this is important |
Classification: Restricted
Dear All,
Objective :
We have been informed by Euroclear that we must use the following ciphers below with our stunnel connection to them
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Server details :
The required cipher has been defined as being the first in the list.
Information security has confirmed that the cipher has been enabled
However after rebooting the server and starting stunnel – the old ciphers are still being used
Please can anyone point us in the right direction as to what we are doing wrong.
Thank you
|
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the sender and delete it from your system.
Internet communications are not secure and therefore Arbuthnot Latham & Co., Limited does not accept legal responsibility for the contents
of this message or any damage sustained as a result of this email or its attachments. Any views or opinions presented are solely those of the author and do not necessarily represent those of Arbuthnot Latham & Co., Limited or any of its affiliates.
Please take some time to read our
Privacy Notice, which provides information on what personal data we collect from you, what we do with it and who it might be shared with.
Registered in England and Wales No. 819519. Arbuthnot Latham & Co., Limited is authorised by the Prudential Regulation Authority and regulated
by the Financial Conduct Authority and the Prudential Regulation Authority. Arbuthnot Latham & Co., Limited is on the Financial Services Register under Firm Reference Number 143336.
Arbuthnot Latham & Co., Limited
Arbuthnot House
7 Wilson Street
London
EC2M 2SN
Tel : +44 (0)20 7012 2500
www.arbuthnotlatham.co.uk
Please consider the environment - Do you really need to print this email?
This email is intended only for the person(s) named above and may contain private and confidential information. If it has come to you in error,
please destroy and permanently delete any copy in your possession, and contact us on +44 (0)161 480 4420. The information in this email is copyright © CDL Group Holdings Limited. We cannot accept liability for any loss or damage sustained as a result of software
viruses. It is your responsibility to carry out such virus checking as is necessary before opening any attachment.
Cheshire Datasystems Limited uses software which automatically screens incoming emails for inappropriate content and attachments. If the software
identifies such content or attachment, the email will be forwarded to our Technology department for checking. You should be aware that any email that you send to Cheshire Datasystems Limited is subject to this procedure.
Cheshire Datasystems Limited, Strata House, Kings Reach Road, Stockport, SK4 2HD
Registered in England and Wales with company number 3991057
VAT registration: 727 1188 33
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete it from your system.
Internet communications are not secure and therefore Arbuthnot Latham & Co., Limited does not accept legal responsibility for the contents of this message or any damage sustained as a result of this email or its attachments. Any views or opinions presented are solely those of the author and do not necessarily represent those of Arbuthnot Latham & Co., Limited or any of its affiliates.
Please take some time to read our Privacy Notice, which provides information on what personal data we collect from you, what we do with it and who it might be shared with.
Registered in England and Wales No. 819519. Arbuthnot Latham & Co., Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Arbuthnot Latham & Co., Limited is on the Financial Services Register under Firm Reference Number 143336.
Arbuthnot Latham & Co., Limited
Arbuthnot House
7 Wilson Street
London
EC2M 2SN
Tel : +44 (0)20 7012 2500
www.arbuthnotlatham.co.uk