Nitin - sorry, I didn't realize this was a response to my message and I sent a followup message before reading this one.
I have your patch in a previous message. I'm not familiar with "patching". Can you give me quickie instructions on doing that, or refer me to a link that explains it? I assume I need to patch the source code, right? If so, I have stunnel version 5.35. Do I need to apply this patch to a more recent version?
Are there any other sslVersions stunnel supports?
Thanks --Mark
-----Original Message----- On Tue, 13 Mar 2018 22:21:24 +0400 Nitin Mutkawoa jmutkawoa@hackers.mu wrote:
hello
Sorry, I was not clear enough in my previous mail. The patch allows you to specify TLS 1.3 in the configuration file and do a TLS 1.3 only.
regards
Nitin J Mutkawoa
https://tunnelix.com https://hackers.mu
Twitter: @TheTunnelix
On Tue, Mar 13, 2018 at 3:13 PM, Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org> wrote:
I'm also working on TLS 1.3 compatibility with Stunnel. I will reach the
mailing list as soon as possible with a tested patch.
Hello Nitin, Could you specify what problem you have with TLS 1.3? It works for me:
2018.03.13 11:39:06 LOG5[ui]: stunnel 5.44 on x86_64-unknown-linux-gnu platform
2018.03.13 11:39:06 LOG5[ui]: Compiled/running with OpenSSL 1.1.1-pre2-dev xx XXX xxxx ???
2018.03.13 11:39:23 LOG6[0]: Negotiated TLSv1.3 ciphersuite TLS13-AES-256-GCM-SHA384 (256-bit encryption)
Regards, Małgorzata
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
My OpenSSL does appear to support TLSv1. Running 'openssl ciphers -v TLSv1' does return a list of ciphers whereas 'openssl ciphers -v TLSv1.3' gives me a "no cipher match" error, so I don't think the TLS1.3 patch is going to solve my problem. Why am I not able to run stunnel specifying "sslVersion = TLSv1"? The error I got was:
2018.03.13 13:22:03 LOG3[0]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
My configs:
SERVER:
foreground = yes
pid = /var/run/stunnel.pid
debug = 7
; output = /root/stunnel.log
output = /dev/stdout
sslVersion = TLSv1

[x11vnc]
accept = 3389
key = /root/privatekey.pem
cert = /root/certificate.pem
connect = 127.0.0.1:5900
CLIENT:
foreground = yes
verify = 2
pid = /home/mfoley/.stunnel/stunnel.pid
CAfile = /home/mfoley/.stunnel/certificate.pem
client = yes
sslVersion = TLSv1

[x11vnc]
accept = 5900
connect = serverhost.org:1914
Not trying to be a maillist pest ...
--Mark
-----Original Message-----
From: Mark Foley mfoley@novatec-inc.com
Date: Wed, 14 Mar 2018 11:09:56 -0400
Organization: Novatec Software Engineering, LLC
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] basic usage question
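The `unknown protocol` reason in the SSL_connect error quoted in this thread is what OpenSSL reports when the first bytes of the peer's reply do not parse as an SSL/TLS record. As an added example (not from the thread or the stunnel project), this Python sketch classifies the first bytes received from a peer as a TLS record header, a plaintext TLS alert, or a plaintext service banner; the function name, tables and sample bytes are constructed for illustration.

```python
import struct

# TLS record content types and record-layer versions (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
# Two alert descriptions relevant to version/cipher mismatches
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
# Plaintext banners of services that often sit behind a tunnel
BANNERS = {b"RFB ": "VNC (RFB) banner", b"SSH-": "SSH banner", b"HTTP/": "HTTP response"}


def classify_first_bytes(data: bytes) -> dict:
    """Say whether the first bytes from a peer form a TLS record header."""
    if len(data) < 5:
        return {"tls": False, "reason": "fewer than 5 bytes received"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and (major, minor) in VERSIONS and length <= 2**14 + 2048:
        result = {"tls": True, "content_type": CONTENT_TYPES[ctype],
                  "record_version": VERSIONS[(major, minor)], "length": length}
        # An unencrypted alert is two bytes: level (1 warning, 2 fatal), description
        if ctype == 21 and length == 2 and len(data) >= 7:
            result["alert"] = ALERTS.get(data[6], "alert %d" % data[6])
        return result
    for prefix, name in BANNERS.items():
        if data.startswith(prefix):
            return {"tls": False, "reason": name}
    return {"tls": False, "reason": "unrecognized non-TLS data"}


# Constructed sample inputs (not captured from the systems in this thread)
SAMPLES = {
    "TLSv1 ServerHello record": bytes.fromhex("1603010051020000"),
    "fatal protocol_version alert": bytes.fromhex("15030100020246"),
    "x11vnc reached without TLS": b"RFB 003.008\n",
    "sshd on the target port": b"SSH-2.0-OpenSSH_7.4\r\n",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, "->", classify_first_bytes(blob))
```

A plaintext banner in the result means the port reached is not the TLS side of the tunnel; a `protocol_version` alert means the peer does speak TLS but rejected the offered version.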