I'm running stunnel in server-mode with options "NO_SSLV2" and "NO_SSLV3" and sslVersion=all. My client also explicitly disables SSLv2 and SSLv3.
My client's ssl-log (-Djavax.net.debug=ssl) confirms that, during handshake and for application data, the highest TLS protocol version is being used.
How come, stunnel log still shows "SSLv3" ?
2015.02.03 14:42:46 LOG5[8415:140561397376768]: ldaps-in accepted connection from X.X.X.X:65158 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): before/accept initialization 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client hello A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server hello A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write certificate A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server done A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client key exchange A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read finished A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write change cipher spec A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write finished A 2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 9 items in the session cache 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 client connects (SSL_connect()) 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 client connects that finished 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 client renegotiations requested 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 12 server connects (SSL_accept()) 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 9 server connects that finished 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 server renegotiations requested 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 session cache hits 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 external session cache hits 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 session cache misses 2015.02.03 14:42:46 LOG7[8415:140561397376768]: 0 session cache timeouts 2015.02.03 14:42:46 LOG6[8415:140561397376768]: SSL accepted: new session negotiated 2015.02.03 14:42:46 LOG6[8415:140561397376768]: Negotiated ciphers: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
Is my client's ssl-log wrong? Or stunnel's?
Kind regards, Christian Tenvenne