We failed to use stunnel to connect to a remote server which only accepts TLS 1.2. We configured stunnel on our side with the stunnel.conf below. We have another program listening on localhost:3500 that processes the response from the server. I would appreciate any suggestions.
1. Stunnel version:
    2021.02.02 10:35:27 LOG5[main]: stunnel 5.58 on x64-pc-mingw32-gnu platform
    2021.02.02 10:35:27 LOG5[main]: Compiled/running with OpenSSL 1.1.1h 22 Sep 2020
    2021.02.02 10:35:27 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
    2021.02.02 10:35:27 LOG5[main]: Reading configuration from file stunnel.conf
    2021.02.02 10:35:27 LOG5[main]: UTF-8 byte order mark not detected
    2021.02.02 10:35:27 LOG4[main]: Service [FIXSERVER] needs authentication to prevent MITM attacks
    2021.02.02 10:35:27 LOG5[main]: Configuration successful
2. stunnel.conf
    [FIXSERVER]
    cert = stunnel.pem
    client = yes
    fips = no
    accept = 127.0.0.1:3000
    connect = 63.247.***.***:443
    sslVersion = TLSv1.2
3. error returned: An existing connection was forcibly closed by the remote host
4. openssl s_client -connect 63.247.***.***:443
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 2814 bytes and written 419 bytes
    Verification error: self signed certificate in certificate chain
    ---
    New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE