Hi. I have a java web app that uses weak crypto. I would like to be able to access it with a modern browser. Currently the only method that seems to work is links on freebsd 9.3, all other browsers give errors such as: Error performing TLS handshake: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). Obviously it would be better if this was fixed but it is not something I have control of. Would it be possible for me to use stunnel to encapsulate the weak connection within a stronger one so the browser does not complain? I have tried this: ; TLS front-end to a web server [https] client = yes accept = 443 connect = 192.168.1.5:443 cert = /usr/local/etc/stunnel/stunnel.pem Which asks me to make an exception for the self signed cert but then proceeds to fail in same way as before. Cheers -- Pete