Hello, This is my first run with stunnel. I have unbound and stunnel on openBSD to do DNS-over-TLS and it works (fine). I want now to enforce TLS security so I added the following options: sslVersion = TLSv1.2 options = CIPHER_SERVER_PREFERENCE ciphers = [list] curve = [name] When it will be ready to production, I will add: verify = 3 CA* OCSP* For now, I don't find any information about using dhparam file. Something like SSLOpenSSLConfCmd DHParameters "/path/to/file.pem" in Apache. How can I do it possible? Could you point me some informations or the path to do it please? Could you confirm that I can't use TLS1.3 for now in stunnel? May be you could have some security advices ? Best regards, -- mlrx