Hello,

This is my first run with stunnel.

I have unbound and stunnel on openBSD to do DNS-over-TLS and it works (fine).

I want now to enforce TLS security so I added the following options: sslVersion = TLSv1.2 options = CIPHER_SERVER_PREFERENCE ciphers = [list] curve = [name]

When it will be ready to production, I will add: verify = 3 CA* OCSP*

For now, I don't find any information about using dhparam file. Something like SSLOpenSSLConfCmd DHParameters "/path/to/file.pem" in Apache. How can I do it possible? Could you point me some informations or the path to do it please? Could you confirm that I can't use TLS1.3 for now in stunnel? May be you could have some security advices ?

Best regards,