Hello,
I am trying to configure Stunnel to use the insecure cipher PSK-NULL-SHA@SECLEVEL=0 but am encountering issues where a different cipher appears to be negotiated instead. My goal is to authenticate endpoints without encryption.
Here are the details of my setup:
Stunnel Version: 5.63
Operating System: Ubuntu
Stunnel Configuration:

; Stunnel Configuration
; Global Options
fips = no
output = /var/log/stunnel.log

; Specify the pre-shared key file
PSKsecrets = /etc/stunnel/psk.txt
sslVersion = TLSv1.2

; PSK Server Configuration
[PSK server]
accept = 192.168.20.11:5074
connect = 192.168.30.11:5074
ciphers = PSK-NULL-SHA

In OpenSSL, I can achieve my goal using the following command, which works as expected:
openssl s_client -port 5074 -cipher "PSK-NULL-SHA@SECLEVEL=0" -psk 4f8583bca4d311ee9fd6034d1fcbd7c3 -tls1
However, with Stunnel, it appears a different cipher is negotiated, and I do not see any error messages in the logs.
I tcpdumped the connection and observed the traffic is being encrypted, which was not the case when using openssl. In my use case I need to authenticate endpoints without encryption, hence the use of PSK-NULL-SHA@SECLEVEL=0.
Could you please advise on how to properly configure Stunnel to use the PSK-NULL-SHA@SECLEVEL=0 cipher, or if this is supported?
Thank you for your assistance.

Flavio Castro
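
Added example, not part of the original message: one way to confirm from a capture which suite was actually negotiated is to read the cipher_suite field of the ServerHello in the server-to-client byte stream and compare it with 0x002C (TLS_PSK_WITH_NULL_SHA, OpenSSL name PSK-NULL-SHA). The function names and the sample records are constructed for illustration, and the parser assumes the ServerHello starts at the beginning of its TLS record.

```python
import struct

# IANA cipher suite ids with their OpenSSL names (small subset for PSK suites).
SUITES = {
    0x002C: "PSK-NULL-SHA",
    0x008C: "PSK-AES128-CBC-SHA",
    0x008D: "PSK-AES256-CBC-SHA",
    0x00A8: "PSK-AES128-GCM-SHA256",
}

def negotiated_suite(stream: bytes) -> int:
    """Return the cipher suite id chosen in the first ServerHello of a
    reassembled server-to-client TLS byte stream (TLS 1.0 to 1.2 layout)."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, rlen = struct.unpack_from("!BHH", stream, off)
        rec = stream[off + 5: off + 5 + rlen]
        if len(rec) < rlen:
            raise ValueError("truncated TLS record")
        off += 5 + rlen
        # Only handshake records (0x16) carrying a ServerHello (0x02) matter.
        if ctype != 0x16 or len(rec) < 4 or rec[0] != 0x02:
            continue
        body = rec[4: 4 + int.from_bytes(rec[1:4], "big")]
        # server_version(2) + random(32) + session_id length(1)
        if len(body) < 35:
            raise ValueError("truncated ServerHello")
        pos = 35 + body[34]          # skip the variable-length session_id
        if len(body) < pos + 3:      # cipher_suite(2) + compression(1)
            raise ValueError("truncated ServerHello")
        return int.from_bytes(body[pos:pos + 2], "big")
    raise ValueError("no ServerHello found")

def check(stream: bytes, expected: int = 0x002C):
    """Return (matches_expected, name_of_negotiated_suite)."""
    got = negotiated_suite(stream)
    return got == expected, SUITES.get(got, f"0x{got:04X}")

def sample_server_hello(suite: int) -> bytes:
    """Constructed TLS 1.2 ServerHello record: zero random, empty session_id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(check(sample_server_hello(0x002C)))
    print(check(sample_server_hello(0x008D)))
```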