On 21 Sep 2016, at 03:15, Scott McKeown <scott@loadbalancer.org> wrote:And finally 'DONT_INSERT_EMPTY_FRAGMENTS' will mitigate an issue in the CBC ciphers that was in the SSLv3 and TLS1.0 cipher lists again I only include it for sanity sake now but its better to have than to go without.The 'CIPHER_SERVER_PREFERENCE' option will make set whether the client is allowed to renegotiat the ciphers that are to be used between the client and the server process.The three 'options' sections turn off all the known problematic cipher lists if you need a key that is in one of these block feel free to remove that directive but I think a good start would be to leave the 'NO_SSLv3' option in placeDelay will delay and DNS lookups that maybe actioned by the request (not normally needed but I always include if for sanity sake)I would try adding the following lines into your STunnel Configuration file:There are a few options that you can try to resolve this if it is.Hi Guys,To me this looks like a cipher issue.delay = yes options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = CIPHER_SERVER_PREFERENCE options = DONT_INSERT_EMPTY_FRAGMENTS