Hi,
Thank you, In fact it works. the diagnostic tool i was using has an error, confirmed instead with nmap,
Thanks!
On 2020-07-30 10:32, STOSSE Florian (SAFRAN AEROSYSTEMS) wrote:
Hello all,
I currently use the following parameters to achieve exactly the same objective:
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.3
In fact, here is my full tls.conf file:
; TLS Configuration file
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.3
ciphersuites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
curves = X25519:P-256:X448:P-521:P-384
options = NO_COMPRESSION
options = NO_TICKET
Nothing fancy, and it works as expected. Maybe you are overriding your parameters somewhere else ?
Best regards,
Florian Stosse
Information security engineer
Safran Electronics & Defense | Safran Data Systems | Space & Communication
Phone: +33 1 69 82 79 43 * Mobile : +33 6 48 11 16 12
Safran Data Systems
5, avenue des Andes - CS 90101
91978 Courtaboeuf Cedex, France
www.safran-electronics-defense.com
De : stunnel-users [mailto:stunnel-users-bounces@stunnel.org] De la part de Jorge Bastos Envoyé : jeudi 30 juillet 2020 10:17 À : Thomas Eifert Cc : stunnel-users@stunnel.org Objet : Re: [stunnel-users] Allowing only TLS 1.2 and 1.3
Howdy,
; Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled ; with OpenSSL 1.1.0 or later.
sslVersionMin = TLSv1.2
Produced no efect, openssl is 1.1.1g
any idea?
On 2020-07-30 0:54, Thomas Eifert wrote:
P.S.
There's also an sslVersionMax if you feel you need it.
On 7/29/2020 5:20 PM, Jorge Bastos wrote:
Howdy,
I've been trying to configure stunnel to provide only TLS 1.2 and 1.3, but no sucess. I have the configuration bellow, what could i be doing wrong?
Thanks in advanced,
sslVersion = all options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
--
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
# " Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés." ****** " This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system." #