Is it just me, or does stunnel not seem to obey the ssl 'options' setting in the config file? I have the lines:
options = TLS_ROLLBACK_BUG
options = NO_TLSv1
options = NO_SSLv3
And when I start stunnel, the output is:
2004.12.20 07:47:46 LOG7[9981:1024]: Configuration SSL options: 0x06800000
2004.12.20 07:47:46 LOG7[9981:1024]: SSL options set: 0x06800000
So all looks well and good... But then when it sends the client hello message, one would expect an ssl2 message, but we get the following output:
2004.12.20 07:47:51 LOG7[9984:1026]: SSL state (connect): SSLv3 write client hello A
2004.12.20 07:47:51 LOG7[9984:1026]: waitforsocket: FD=10, DIR=read
2004.12.20 07:47:51 LOG7[9984:1026]: waitforsocket: ok
2004.12.20 07:47:51 LOG7[9984:1026]: SSL alert (write): fatal: handshake failure
2004.12.20 07:47:51 LOG3[9984:1026]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
That first line seems to indicate that it's still sending a v3 message. Is this actually what's happening?