Unless I'm mistaken, stunnel version 5 currently supports the options shown below for sslVersion: all => TLS v1.0, TLS v1.1, TLS v1.2, SSLv2, SSLv3 TLSv1 => TLS v1.0 only (not TLS v1.1, TLSv1.2, SSLv2 or SSLv3) TLSv1.1 => TLS v1.1 only TLSv1.2 => TLS v1.2 only In order to support TLS v1.0, TLS v1.1 and TLS v1.2 but disable SSLv2 and SSLv3, you should have in the config file: sslVersion = all options = NO_SSLv2 options = NO_SSLv3 (those last two lines may be default in the new Stunnel). However, what if I want to just have TLSv1.1 and TLSv1.2 but NOT TLSv1.0? I last tried this with Stunnel v5.10 but nothing in the changelogs tells me that this behavior has been changed to choose a list of protocols; only one parameter is accepted. Is there a way to allow TLSv1.1 and TLSv1.2 but disallow TLSv1.0? Thanks, -Rob