Unless I'm mistaken, stunnel version 5 currently supports the options shown below for sslVersion:
all => TLS v1.0, TLS v1.1, TLS v1.2, SSLv2, SSLv3 TLSv1 => TLS v1.0 only (not TLS v1.1, TLSv1.2, SSLv2 or SSLv3) TLSv1.1 => TLS v1.1 only TLSv1.2 => TLS v1.2 only
In order to support TLS v1.0, TLS v1.1 and TLS v1.2 but disable SSLv2 and SSLv3, you should have in the config file:
sslVersion = all options = NO_SSLv2 options = NO_SSLv3
(those last two lines may be default in the new Stunnel). However, what if I want to just have TLSv1.1 and TLSv1.2 but NOT TLSv1.0? I last tried this with Stunnel v5.10 but nothing in the changelogs tells me that this behavior has been changed to choose a list of protocols; only one parameter is accepted.
Is there a way to allow TLSv1.1 and TLSv1.2 but disallow TLSv1.0?
Thanks, -Rob