On Fri, 20 Jan 2006, Moehrke, John (GE Healthcare) wrote:
> It is not the list of ciphers that I want to choose from. We are indeed using a select set of ciphers and that seems to be working fine. My problem is that when stunnel connects to the server it is trying sslv3, and this causes an error as the server is only supporting TLS. I could easily be wrong...

Ah, that way.

    options = SSL_options
        OpenSSL library options

        The parameter is the OpenSSL option name as described in the SSL_CTX_set_options(3ssl) manual, but without SSL_OP_ prefix. Several options can be used to specify multiple options.

        For example for compatibility with erroneous Eudora SSL implementation the following option can be used:

            options = DONT_INSERT_EMPTY_FRAGMENTS

Check the SSL_CTX_set_options manpage, it says -amongst other things-:

    SSL_OP_NO_SSLv2    Do not use the SSLv2 protocol.
    SSL_OP_NO_SSLv3    Do not use the SSLv3 protocol.
    SSL_OP_NO_TLSv1    Do not use the TLSv1 protocol.

That ought to do the trick I'd say.
Let us know if it did :)
Jan
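
Added example, not part of the message above and not stunnel's own code: a small check that reads a stunnel configuration and reports, per service, which of SSLv2/SSLv3 are still enabled because no matching "options = NO_..." line applies. The function name, the sample configuration and its host names are constructed; it assumes that "options" lines placed before the first [service] header act as defaults for every service and that option names are matched exactly.

```python
# Option names as stunnel expects them: the OpenSSL SSL_OP_ constant
# without its SSL_OP_ prefix.
LEGACY = {"NO_SSLv2": "SSLv2", "NO_SSLv3": "SSLv3"}

# Constructed sample configuration (hypothetical services and hosts).
SAMPLE_CONF = """\
; constructed sample
options = NO_SSLv2

[to-tls-only-server]
client = yes
accept = 127.0.0.1:8080
connect = server.example:443
options = NO_SSLv3

[unfixed]
client = yes
accept = 127.0.0.1:8081
connect = server.example:443
options = SSL_OP_NO_SSLv3
"""

def legacy_protocols_left(conf_text):
    """Return {service: [legacy protocols still enabled]}."""
    global_opts, services, current = set(), {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                 # new service section
            services[current] = set()
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "options":
            target = services[current] if current else global_opts
            target.add(value.strip())
    report = {}
    for name, opts in services.items():
        effective = global_opts | opts           # defaults plus per-service
        # A name written with the SSL_OP_ prefix does not match, so the
        # protocol it was meant to disable is reported as still enabled.
        report[name] = [p for o, p in LEGACY.items() if o not in effective]
    return report

if __name__ == "__main__":
    for service, protos in legacy_protocols_left(SAMPLE_CONF).items():
        print(service, "->", protos or "SSLv2/SSLv3 disabled")
```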