Dan, use Wireshark, capture traffic using Stunnel, set a filter based on the destination IP (i.e., "ip.addr == 10.5.2.0/24" if class C network), look for traffic with the host, and look for "Protocol" column. For my captures, it shows "TLSv1.2" and for "Secure Sockets Layer" it shows the handshakes and ciphers as v1.2. You can drill down the TLS exchange, from the cipher suites offered and finally the negotiated version, it should show "TLS 1.2".
In your config file you can specify only TLS v1.2 by: sslVersion = TLSv1.2
On my systems, it appears to negotiate at TLS v1.0 (the "Client Hello") but the server Hello is at TLS v1.2. Once you see the Cipher suite, you can verify if the one chosen is TLS v1.2 by using this: https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet
In your Wireshark captures, look for "Cipher Suite:" in the Server Hello, and that should tell you the Cipher used, and you can infer TLS v1.2 based on the Cipher and that Cheat Sheet, and especially that Mozilla site ("cipher names correspondence table").
Regards, -Rob
On Wed, Jun 27, 2018 at 10:17 AM Daniel Trickett daniel.trickett@emdmillipore.com wrote:
If I use stunnel 5.44, how do I know that the protocol being used is TLS1.2? Is it the default?
Working with supplier sites which still accept 1.0/1.1, but want to make sure that I am using 1.2, as they will be disabling the older protocols.
Thanks and Best regards, Dan