Stephen Hogan wrote:
> 2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write client hello A
> [cut]
> I have a basic (shaky) understanding that the "handshake" for TLS does downgrade to SSLv3 if newer versions of TLS fail, but I am wondering if I apply the update recommended on the firewall, will this cut the communication for the SMTP relay, the way I am using it?

The debug messages produced by stunnel can sometimes be confusing. They are intended to be helpful to developers, and not end-users.

OpenSSL implements the SSL/TLS/DTLS protocols with three separate finite state machines: SSLv2, SSLv3, and DTLS1.
http://en.wikipedia.org/wiki/Automata-based_programming

All TLS protocols use the SSLv3 state machine, thus the state name does not reflect the actual protocol being negotiated.

See the source for details: https://github.com/openssl/openssl/blob/master/ssl/ssl_stat.c

Best regards,
Mike
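
Since the state name in the debug log does not identify the protocol, one way to see which versions an OpenSSL-based client really offers is to read them out of the ClientHello itself. The following is an added example, not part of the message above or of stunnel; it assumes a Python `ssl` module linked against OpenSSL, and the function names and the host name `relay.example` are placeholders.

```python
import ssl
import struct

# Wire version numbers as defined in the SSL/TLS specifications.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1",
            (3, 3): "TLSv1.2", (3, 4): "TLSv1.3"}

def capture_client_hello(ctx=None):
    """Start a client handshake on in-memory BIOs (no network) and return
    the first bytes OpenSSL queues for sending: the ClientHello record."""
    ctx = ctx or ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="relay.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server attached, the hello is already queued
    return outgoing.read()

def offered_versions(record):
    """Parse a ClientHello record; return (legacy_version, supported_versions)."""
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    legacy = (body[4], body[5])          # client_version field
    pos = 6 + 32                         # skip client_version and random
    pos += 1 + body[pos]                 # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                 # compression_methods
    supported = []
    if pos + 2 <= len(body):             # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            ext = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 43:           # supported_versions extension
                supported = [(ext[i], ext[i + 1]) for i in range(1, 1 + ext[0], 2)]
            pos += 4 + ext_len
    return legacy, supported

def version_names(versions):
    """Map wire version tuples to readable names."""
    return [VERSIONS.get(v, "unknown %d.%d" % v) for v in versions]

if __name__ == "__main__":
    legacy, supported = offered_versions(capture_client_hello())
    print("client_version:", version_names([legacy])[0])
    print("supported_versions:", version_names(supported))
```

On a live connection, `ssl.SSLSocket.version()` returns the protocol that was actually negotiated once the handshake has completed.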