Hello Together,
I had been trying to use stunnel to set up PSK-encrypted TLS. Below is my conf file.

[client]
client = yes
accept = 127.0.0.1:8888
connect = 192.168.1.100:443
ciphers = PSK-AES128-CBC-SHA256
PSKsecrets = /data/dummy.txt

I can see communication, but the client, e.g. stunnel on the client side, offers several other ciphers in addition to the exact one which is expected as per the conf. I wish for PSK-AES128-CBC-SHA256 (0x00ae).
But I see the list below in actual communication.
[image: image.png]
Please let me know:
1. How can we inform stunnel to use exactly and only the one cipher provided in the conf file? Or
2. How can we state the hex ID instead of the string?

If I look at the cipher list, there is more than one cipher with the same keyword as a part or the whole of its name. I suppose this causes stunnel to take a list as per string match.

ECDHE-PSK-AES128-CBC-SHA256  TLSv1  Kx=ECDHEPSK  Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA256    TLSv1  Kx=RSAPSK    Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256    TLSv1  Kx=DHEPSK    Au=PSK  Enc=AES(128)  Mac=SHA256
*PSK-AES128-CBC-SHA256*      TLSv1  Kx=PSK       Au=PSK  Enc=AES(128)  Mac=SHA256

Can we make stunnel select only one exact cipher?
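
One way to check from a capture exactly which cipher suite IDs a ClientHello offers, compared against the expected 0x00ae, as an added example that is not part of the original post. The ClientHello bytes are constructed for the demo (they are not the poster's capture) and the function names are hypothetical; per the IANA registry, 0x1301 to 0x1305 are the TLS 1.3 suites and 0x00ff / 0x5600 are signalling values rather than ciphers.

```python
import struct

EXPECTED = 0x00AE               # PSK-AES128-CBC-SHA256, the id quoted in the post
SIGNALLING = {0x00FF, 0x5600}   # SCSVs (RFC 5746, RFC 7507): markers, not ciphers

def offered_suites(record: bytes) -> list:
    """Return the cipher suite ids listed in one TLS ClientHello record."""
    try:
        ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rec_len]
        if ctype != 0x16 or len(body) != rec_len or body[0] != 0x01:
            raise ValueError("not a complete ClientHello handshake record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                      # skip legacy_version and random
        pos += 1 + hello[pos]             # skip session_id
        (cs_len,) = struct.unpack_from("!H", hello, pos)
        pos += 2
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    if cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(hello[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]

def audit(record: bytes, expected: int = EXPECTED) -> dict:
    """Sort the offered ids into expected / signalling / tls13 / other."""
    report = {"expected": [], "signalling": [], "tls13": [], "other": []}
    for suite in offered_suites(record):
        if suite == expected:
            key = "expected"
        elif suite in SIGNALLING:
            key = "signalling"
        elif 0x1301 <= suite <= 0x1305:
            key = "tls13"
        else:
            key = "other"
        report[key].append(f"0x{suite:04x}")
    return report

def build_sample(suites) -> bytes:
    """Constructed minimal ClientHello record (no extensions) for the demo."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

SAMPLE = build_sample([0x1302, 0x1303, 0x1301, 0x00AE, 0x00FF])  # constructed input

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Anything that lands in the `other` bucket is a cipher the client offered beyond the configured one; entries under `tls13` and `signalling` are listed separately so they are not mistaken for extra matches of the cipher string.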