I’m running stunnel in server-mode with options “NO_SSLV2” and “NO_SSLV3” and sslVersion=all.

My client also explicitly disables SSLv2 and SSLv3.

My client’s ssl-log (-Djavax.net.debug=ssl) confirms that, during handshake and for application data, the highest TLS protocol version is being used.

How come the stunnel log still shows “SSLv3”?

2015.02.03 14:42:46 LOG5[8415:140561397376768]: ldaps-in accepted connection from X.X.X.X:65158

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): before/accept initialization

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client hello A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server hello A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write certificate A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write server done A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read client key exchange A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 read finished A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write change cipher spec A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 write finished A

2015.02.03 14:42:46 LOG7[8415:140561397376768]: SSL state (accept): SSLv3 flush data

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    9 items in the session cache

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client connects (SSL_connect())

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client connects that finished

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 client renegotiations requested

2015.02.03 14:42:46 LOG7[8415:140561397376768]:   12 server connects (SSL_accept())

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    9 server connects that finished

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 server renegotiations requested

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache hits

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 external session cache hits

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache misses

2015.02.03 14:42:46 LOG7[8415:140561397376768]:    0 session cache timeouts

2015.02.03 14:42:46 LOG6[8415:140561397376768]: SSL accepted: new session negotiated

2015.02.03 14:42:46 LOG6[8415:140561397376768]: Negotiated ciphers: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

Is my client’s ssl-log wrong? Or stunnel’s?

Kind regards,

Christian Tenvenne