You have "options" or "*sslVersion*" to instruct stunnel to use a specific TLS version.
https://www.stunnel.org/static/stunnel.html
On Mon, Jul 9, 2018 at 12:25 PM, Spies, Will Will_Spies@comcast.com wrote:
So, part of this appeared to be I needed a signed cert from a CA. However, I still have problems.
Alexa apparently requires 'Interleaved TCP on port 443 (for both RTP and RTSP). TCP socket encryption on port 443 using TLS 1.2'
How do I force Stunnel to only adhere to above? I get the 443 part of course. I am seeing it try SSLv3 in the log and I imagine this is wrong.
-----Original Message----- From: Peter Pentchev [mailto:roam@ringlet.net] Sent: Thursday, July 05, 2018 8:47 AM To: Spies, Will Will_Spies@cable.comcast.com Cc: stunnel-users@stunnel.org Subject: Re: [EXTERNAL] Re: [stunnel-users] Stunnel connection issue?
On Thu, Jul 05, 2018 at 11:41:18AM +0000, Spies, Will wrote:
Thanks for the quick response. The client is an Echo Show device and there is no log. It is an RTSP connection and my backend (behind Stunnel) is Live555ProxyServer. I read somewhere there is some bug related to MSIE that closed the connection like this and the fix is to use TIMEOUTclose=0 which I did but this did not help. This is the earlier (startup) portion of my log:
Hi,
Unfortunately, without more information about what the client doesn't like about the established connection, I don't think there is anything more I can help you with :( You *might* try playing with stunnel's cipher settings (OpenSSL options), on the off chance that the client is somewhat confused and offers for negotiation a cipher or something that it later realizes it cannot support... but that would be really weird.
G'luck, Peter
-- Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users