No luck. The downloaded stunnel 5.56 behaves exactly as 5.48 - it logs "CAPI_GET_KEY:cryptacquirecontext error" or "CAPI_CTX_SET_PROVNAME:cryptacquirecontext error" (depending on selected csp_name and csp_type) *.* Did anyone succeed in getting stunnel+capi work for TLS 1.2 ? Maybe some OpenSSL configuration commands could help... But I cannot imagine what. And I did see "You also need to disable TLS 1.2 or later because the CryptoAPI engine currently does not support PSS" phrase in sample stunnel.conf - isn't it an obsolete restriction?
Thanks in advance, Michael
On Wed, Jun 3, 2020 at 12:13 AM Jose Alf. josealf@rocketmail.com wrote:
Hi Michael,
See below:
On Tuesday, June 2, 2020, 10:42:30 AM GMT-5, Michael S. Chusovitin < tchuss@gmail.com> wrote:
Stunnel version is 5.48 with OpenSSL 1.0.2o-fips. (in this very case I
need to use 32bit version, so no possibility to upgrade).
Actually, you can upgrade your Windows 32-bit stunnel. Either, you compile your own, or you can get the latest from here:
https://github.com/josealf/stunnel-win32/blob/master/stunnel-testing-win32-5...
Regards, Jose