Hi,

I want to use stunnel with TLSv1.2 ciphers but it doesn't work. I use stunnel 5.07 compiled from source with prefix /opt/stunnel and the latest openssl (1.0.1j).

This is my main configuration file:

chroot = /opt/stunnel/var/lib/stunnel/
pid = /stunnel4.pid
cert = /opt/stunnel/etc/blabla/bla.pem
key = /opt/stunnel/etc/blabla/bla.key
ciphers = ECDHE-ECDSA-AES256-GCM-SHA384
options = NO_SSLv2
[imaps]
accept = 993
connect = 143

I had to use one of these ciphers:

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
DHE-RSA-AES256-GCM-SHA384

When I tried to use an imaps connection over stunnel:

root@bla: imtest -a homer -w homer -p 993 -s localhost
SSL_connect error 0
SSL session removed
failure: TLS negotiation failed

If I use an SSLv3 cipher it works.

root@bla: imtest -a homer -w homer -p 993 -s localhost
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)

Does someone have any idea?

Thanks.
Jeremy

Jeremy,
Does imtest have support for the ciphers that you want to use?
If you increase the stunnel log level you should see more details about the TLS handshake.
My guess is that imtest does not support the newest cipher that you are using.
Have you tested with openssl s_client?
Cheers
Leandro Avila

On Friday, December 5, 2014 8:32 AM, Jérémy WILLIAME jeremy.williame@ovh.net wrote:
Hi,

I want to use stunnel with TLSv1.2 ciphers but it doesn't work. I use stunnel 5.07 compiled from source with prefix /opt/stunnel and the latest openssl (1.0.1j).

This is my main configuration file:

chroot = /opt/stunnel/var/lib/stunnel/
pid = /stunnel4.pid
cert = /opt/stunnel/etc/blabla/bla.pem
key = /opt/stunnel/etc/blabla/bla.key
ciphers = ECDHE-ECDSA-AES256-GCM-SHA384
options = NO_SSLv2
[imaps]
accept = 993
connect = 143

I had to use one of these ciphers:

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
DHE-RSA-AES256-GCM-SHA384

When I tried to use an imaps connection over stunnel:

root@bla: imtest -a homer -w homer -p 993 -s localhost
SSL_connect error 0
SSL session removed
failure: TLS negotiation failed

If I use an SSLv3 cipher it works.

root@bla: imtest -a homer -w homer -p 993 -s localhost
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)

Does someone have any idea?

Thanks.
Jeremy

stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
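
The question raised in the reply, whether the client can use these suites at all, can be checked against OpenSSL's own cipher metadata. The following is an added example, not part of the thread: it uses Python's ssl module to look up the protocol version and certificate key type that each suite named in the original message requires. It assumes TLSv1 is the highest version imtest offers (as the successful handshake suggests) and that the certificate is RSA (inferred from the working DHE-RSA suite); `suite_info` and `blockers` are names made up for this example.

```python
import ssl

# Cipher names and the negotiated protocol are quoted from the thread.
WANTED = ["ECDHE-ECDSA-AES256-GCM-SHA384",
          "ECDHE-ECDSA-AES256-SHA384",
          "DHE-RSA-AES256-GCM-SHA384"]
WORKING = "DHE-RSA-AES128-SHA"
CLIENT_PROTOCOL = "TLSv1"  # assumption: highest version imtest offers
CERT_KEY = "rsa"           # assumption: inferred from the working DHE-RSA suite

# Protocol labels as OpenSSL reports them, oldest first.
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.0": 1,
        "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def suite_info(name):
    """Return the local OpenSSL's metadata for one cipher suite name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(name)            # ssl.SSLError if the suite is unavailable
    for entry in ctx.get_ciphers():  # TLS 1.3 suites are listed too, so filter
        if entry["name"] == name:
            return entry
    raise LookupError(name)


def blockers(name, client_protocol, cert_key):
    """List the reasons a handshake restricted to `name` cannot complete."""
    info = suite_info(name)
    reasons = []
    # A suite defined for TLSv1.2 cannot be selected on an older protocol.
    if RANK[info["protocol"]] > RANK[client_protocol]:
        reasons.append("needs %s, client negotiates %s"
                       % (info["protocol"], client_protocol))
    # The suite's authentication method must match the certificate key type.
    needed_key = info["auth"].replace("auth-", "")
    if needed_key != cert_key:
        reasons.append("needs %s certificate, server has %s"
                       % (needed_key, cert_key))
    return reasons


if __name__ == "__main__":
    for name in WANTED + [WORKING]:
        print(name, "->", blockers(name, CLIENT_PROTOCOL, CERT_KEY) or "negotiable")
```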