Hi all,
We need use of sslv3 but with debian Jessie package version 5.06 this is not working.
I have add options -NO_SSLv3 still same.
Can you check if my configuration is good and if you have any idea to have sslv3 working with this verison.
# stunnel.conf
syslog = no
cert = /etc/ssl/certs/test.crt.pem key = /etc/ssl/private/test.key.pem CAfile = /etc/ssl/certs/test.ca-bundle
# Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = all options = -NO_SSLv3 ciphers = AES256-SHA #ciphers = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
# Some debugging stuff useful for troubleshooting debug = 7 output = /stunnel.log
# Debian and Ubuntu chroot config chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 pid = /stunnel4.pid
# Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 socket = l:SO_KEEPALIVE=1 socket = r:SO_KEEPALIVE=1
[test] accept = 11443 connect = 127.0.0.1:11444
# stunnel log with openssl test SSL_accept: 14076102: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol
openssl s_client -connect 127.0.0.1:11443 -ssl3 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1462525363 Timeout : 7200 (sec) Verify return code: 0 (ok)