Hi,
When building stunnel against OpenSSL 1.0.1, support for TLS v1.1/v1.2 gets included. This patch adds options to configure these protocols in stunnel.conf.
The patch is against 4.53 and under public domain.
Best Regards, Henrik
Henrik Riomar wrote:
> When building stunnel against OpenSSL 1.0.1, support for TLS v1.1/v1.2 gets included. This patch adds options to configure these protocols in stunnel.conf.
> The patch is against 4.53 and under public domain.
Thank you for the patch. I will include it with the next stunnel.
From what I understand from the OpenSSL source, explicit handling of OPENSSL_NO_TLS1_2_CLIENT in stunnel is probably not a good idea.
Mike
On 09/20/2012 06:32 PM, Michal Trojnara wrote:
> Thank you for the patch. I will include it with the next stunnel.
great.
> From what I understand from the OpenSSL source, explicit handling of OPENSSL_NO_TLS1_2_CLIENT in stunnel is probably not a good idea.
ah yes :-) my thinking was that if an end-user sets a TLSv1.2 option he expects TLSv1.2 if the option is accepted by the software. Maybe we can log a warning about it instead in stunnel (instead of explicit handling), if that define is set and TLSv1.2 is configured by the end-user?
/ Henrik
On 09/21/2012 12:31 AM, Henrik Riomar wrote:
> On 09/20/2012 06:32 PM, Michal Trojnara wrote:
>> From what I understand from the OpenSSL source, explicit handling of OPENSSL_NO_TLS1_2_CLIENT in stunnel is probably not a good idea.
> ah yes :-) my thinking was that if an end-user sets a TLSv1.2...
after thinking about this some more... yes you are right, it is not a good idea, that check should be removed.
/ Henrik