Hi,
Without wishing to polemicize, since obviously it is always necessary to have the software as up to date as possible, my answer was more aimed at confirming that with stunnel version 5.01 you could have TLSv1.2 working.
Moreover, as Peter rightly comments, my trace clearly shows that my stunnel 5.00 is running on a linux whose binary is compiled with openssl 1.0.1f from January 6, 2014. While in the traces uploaded by the thread opener it is seen that his stunnel 5.01 binary is compiling with openssl 1.0.1g of April 7, 2014.
I want to understand that if openssl version 1.0.1f already supported TLSv1.2 version 1.0.1g would as well.
Thank you all for the information shared in the thread.
Regards.
El 30/5/25 a las 11:47, Peter Pentchev via stunnel-users escribió:
On Thu, May 29, 2025 at 05:55:43PM +0200, Lista_-_Stunnel via stunnel-users wrote:
Hi,
Sorry for my english.
I have a stunnel 5.00 with TLSv1.2
+-+-+-+ stunnel 5.00 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1f 6 Jan 2014 Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP errno: (*__errno_location ()) +-+-+-+
This is a Linux installation; it is entirely possible that it uses the system's OpenSSL library, which may have been updated sometime in the last ten years. The original poster uses a Windows one:
2014.05.15 13:38:22 LOG5[10132]: stunnel 5.01 on x86-pc-msvc-1500 platform
AFAIK (and many apologies to the stunnel authors if this is wrong!), the Windows installer of stunnel brings its own copy of OpenSSL and some relateed libraries, so if the ones distributed with it at the time it was installed do not support TLS 1.2, that's it.
To the original poster: the bundled OpenSSL libraries are only one of the reasons stunnel installations, just like any other software, MUST be updated periodically. stunnel 5.01 is much too old, and I can think of many bugfixes and several security vulnerabilities that have been fixed in both stunnel and OpenSSL in that time. You MUST upgrade. I know it can be difficult to arrange in some production scenarios, but security-sensitive software must be kept up to date.
G'luck, Peter
stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org