To add TLS 1.3 compatibility on Stunnel, the following patch was applied and tested.

--- options.c.orig 2018-03-13 04:06:01.410477727 +0000

+++ options.c 2018-03-13 05:42:51.883782519 +0000

@@ -2675,6 +2675,18 @@ NOEXPORT char *parse_service_option(CMD

#else /* defined(OPENSSL_NO_TLS1_2) */

return "TLSv1.2 not supported";

#endif /* !defined(OPENSSL_NO_TLS1_2) */

+ } else if(!strcasecmp(arg, "TLSv1.3")) {

+#ifndef OPENSSL_NO_TLS1_3

+ section->client_method=(SSL_METHOD *)TLS_client_method();

+ section->server_method=(SSL_METHOD *)TLS_server_method();

+ section->ssl_options_set|= SSL_OP_NO_SSLv2;

+ section->ssl_options_set|= SSL_OP_NO_SSLv3;

+ section->ssl_options_set|= SSL_OP_NO_TLSv1;

+ section->ssl_options_set|= SSL_OP_NO_TLSv1_1;

+ section->ssl_options_set|= SSL_OP_NO_TLSv1_2;

+#else /* defined(OPENSSL_NO_TLS1_3) */

+ return "TLSv1.3 not supported";

+#endif

#endif /* OPENSSL_API_COMPAT<0x10100000L */

} else

return "Incorrect version of TLS protocol";