Markus Borst (HRZ) wrote:
Since the use of these options in this combination is not clear from the documentation, I have a few suggestions to update the docs:
Writing documentation is something I'm not really good at. Feel free to contribute any updates to the manual (stunnel.pod).
As a longer term enhancement, I suggest making the "sslVersion" option multi-valued.
Unfortunately this is not really technically feasible due to limitations of the SSL/TLS protocol itself. 8-) https://www.ietf.org/rfc/rfc2246.txt
And the above configuration should go as an example into the default config file, since this particular combination ("sslVersion=all" AND "options=NO_SSLv2") is a bit counterintuitive.
This is actually quite simple:
- sslVersion is about the version of SSL/TLS protocol specification
- options is about internal OpenSSL tweaks: http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

I don't think it's a good idea to reproduce this manual in stunnel.
Mike
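
The combination discussed in this thread, written out as a stunnel service section. This is an added example, not taken from the thread or from the stunnel distribution; the service name, ports and certificate path are assumptions.

```ini
; Constructed example: service name, addresses and cert path are placeholders.
[https-example]
accept  = 443
connect = 127.0.0.1:8080
cert    = /etc/stunnel/example.pem

; sslVersion selects the SSL/TLS protocol version setting.
; "all" does not pin a single version.
sslVersion = all

; options passes flags through to OpenSSL's SSL_CTX_set_options().
; NO_SSLv2 removes SSLv2 from what "all" would otherwise permit.
options = NO_SSLv2
```

The two settings are evaluated independently: `sslVersion` decides the protocol setting, and each `options` line only subtracts from or tweaks what OpenSSL will do under it.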