Good morning,
I'm hoping you can help point me in the right direction. The problem I'm trying to solve is enabling TLS 1.2 connections on a Windows (environment has both Windows 2008 and Windows 10 environments) platform. Currently, my private keys are managed by the Windows certificate store, using the capi engineId within stunnel (v 5.41), which uses OpenSSL 1.0.1. Because of this, stunnel can only negotiate a TLS 1.1 connection.
I've tried compiling OpenSSL 1.1.0f and stunnel 5.41, but had no luck either cross-compiling under CentOS or under Windows using either MSYS2/MINGW32 or Cygwin.
What I'm looking for is any one of the following:
1) solid current cross-compiling examples or references
2) solid current Windows compiling examples or references using extant versions
3) a way to manage the pfx/p12 (private key) in stunnel without resorting to the Windows certificate store.
Option 3 is preferred. I see how to manage pkcs11, but not pkcs12.
Thank you in advance!
Liz Turi
Sr. Consultant
Massachusetts eHealth Collaborative
860 Winter Street, Waltham, MA 02451
(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589
www.maehc.org
CONFIDENTIALITY NOTICE The information contained in this email transmission is legally privileged and confidential information intended only for the use of the addressee named above. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution or copying of this email transmission is strictly prohibited. If you have received this email transmission in error, please notify us immediately. Thank you.
Issue resolved. I was overthinking it: once I used cert=/path/to/file.p12 and let stunnel prompt for the password, it all worked.
From: Liz Turi
Sent: Tuesday, June 13, 2017 8:40 AM
To: stunnel-users@stunnel.org
Subject: Configuring stunnel and openssl on Windows to support TLS 1.2
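The resolution described in this thread, written out as a stunnel.conf service section. This is an added illustration, not the poster's configuration: the service name, addresses and file path are placeholders, and client mode is an assumption.

```ini
; Constructed example: service name, addresses and paths are placeholders.
; There are no "engine = capi" or "engineId" lines here: the private key is
; read from the PKCS#12 file instead of the Windows certificate store.

[tls12-service]
; Assumption: stunnel acts as the TLS client for a local plaintext application.
client = yes
accept = 127.0.0.1:8080
connect = remote.example.org:443

; PKCS#12 bundle holding the certificate and its private key.
; With no separate "key" option, stunnel takes the key from the file named
; in "cert" and prompts for the passphrase at startup.
cert = C:\path\to\file.p12

; Pin the protocol so the handshake fails instead of falling back to
; TLS 1.1 or older.
sslVersion = TLSv1.2
```

Because the .p12 file now sits on disk rather than in the certificate store, restrict its file permissions to the account stunnel runs as.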