Hello all,
I currently use the following parameters to achieve exactly the same objective:
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.3
In fact, here is my full tls.conf file:
; TLS Configuration file
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.3
ciphersuites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
curves = X25519:P-256:X448:P-521:P-384
options = NO_COMPRESSION
options = NO_TICKET
Nothing fancy, and it works as expected. Maybe you are overriding your parameters somewhere else?
Best regards,
Florian Stosse
Information security engineer
Safran Electronics & Defense | Safran Data Systems | Space & Communication
Phone: +33 1 69 82 79 43 • Mobile : +33 6 48 11 16 12
Safran Data Systems
5, avenue des Andes - CS 90101
91978 Courtaboeuf Cedex, France
www.safran-electronics-defense.com
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On behalf of Jorge Bastos
Sent: Thursday, July 30, 2020 10:17
To: Thomas Eifert
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Allowing only TLS 1.2 and 1.3
Howdy,
; Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled
; with OpenSSL 1.1.0 or later.
sslVersionMin = TLSv1.2
Produced no effect, OpenSSL is 1.1.1g.
Any idea?
On 2020-07-30 0:54, Thomas Eifert wrote:
P.S.
There's also an sslVersionMax if you feel you need it.
On 7/29/2020 5:20 PM, Jorge Bastos wrote:
Howdy,
I've been trying to configure stunnel to provide only TLS 1.2 and 1.3, but no success. I have the configuration below, what could I be doing wrong?
Thanks in advance,
sslVersion = all
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
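The "overriding your parameters somewhere else" possibility raised in the reply can be checked mechanically. The following is an added example, not code from the thread or from the stunnel project: it resolves `sslVersionMin`/`sslVersionMax` per service from the text of one configuration file, assuming that service-level options in the global section act as defaults and that the last occurrence of a key wins. `audit`, `SAMPLE` and the report layout are hypothetical names.

```python
import re

ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = re.compile(r"sslVersion$|options=NO_(SSLv|TLSv)")  # pre-1.1.0 style controls

def audit(conf_text, floor="TLSv1.2"):
    """Map each [service] to its resolved sslVersionMin/Max plus findings."""
    scopes, legacy, cur = {None: {}}, {None: []}, None   # None = global section
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):              # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):   # start of a service
            cur = line[1:-1]
            scopes[cur], legacy[cur] = {}, []
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key in ("sslVersionMin", "sslVersionMax"):
            scopes[cur][key] = (value, n)                 # assumption: last line wins
        elif LEGACY.match(f"{key}={value}" if key == "options" else key):
            legacy[cur].append(n)
    report = {}
    for svc in (s for s in scopes if s is not None):
        merged = {**scopes[None], **scopes[svc]}          # service overrides global
        lo, hi = (merged.get(k, (None, 0))[0] for k in ("sslVersionMin", "sslVersionMax"))
        notes = []
        if lo is None:
            notes.append("sslVersionMin not set")
        elif lo not in ORDER or ORDER.index(lo) < ORDER.index(floor):
            notes.append(f"sslVersionMin {lo} is below {floor}")
        notes += [f"{k} overrides global value (line {v[1]})"
                  for k, v in scopes[svc].items() if k in scopes[None]]
        old = legacy[None] + legacy[svc]
        if old:
            notes.append(f"legacy version controls on lines {old}")
        report[svc] = {"min": lo, "max": hi, "notes": notes}
    return report

SAMPLE = """\
; constructed sample, not taken from the thread
sslVersionMin = TLSv1.2
sslVersionMax = TLSv1.3
[https]
accept = 443
[imaps]
sslVersionMin = TLSv1
options = NO_TLSv1.1
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The script reads only the text it is given, so any other file that stunnel loads has to be audited separately.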