Classification: Restricted
Dear All,
Objective :
We have been informed by Euroclear that we must use the following ciphers below with our stunnel connection to them
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Server details :
The required cipher has been defined as being the first in the list.
Information security has confirmed that the cipher has been enabled
However after rebooting the server and starting stunnel – the old ciphers are still being used
Please can anyone point us in the right direction as to what we are doing wrong.
Thank you
Daniel Glick
Application Specialist, Investment Management & Finance Platform
Arbuthnot Latham & Co., Limited
Hi,
Have you updated the stunnel config file with your ciphersuites choices?
From: https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS
ciphersuites = CIPHERSUITES_LIST
select permitted TLSv1.3 ciphersuites
A colon-delimited list of TLSv1.3 ciphersuites names in order of preference.
This option requires OpenSSL 1.1.1 or later.
default: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
Regards,
Duncan Morris
OpenVMS Consultant Engineer
CDL
www.cdl.co.uk
Classification: Restricted
Hi Duncan,
Thank you for your email.
The parameters we have set up in the stunnel config are as follows : (also we are using stunnel version 5.67)
; Certificate/key is needed in server mode and optional in client mode
cert = ARB03.pem
key = ARB03.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
options = NO_SSLv3
sslVersion = TLSv1.3
ciphersuites = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA25
the version of OpenSSL is
However when we reboot the server and check the stunnel log – we receive a fatal error, as the ciphers are not recognised
2024.06.10 15:00:34 LOG7[8]: TLS alert (write): fatal: internal error
2024.06.10 15:00:34 LOG3[8]: SSL_connect: ssl/statem/statem_clnt.c:3745: error:0A0000B5:SSL routines::no ciphers available
Any ideas
Thank you
Danny
Hi Daniel,
The cipher suites TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 are for TLS v1.2.
The Protocols field: {771, 65277} is a decimal representation of the value used in the TLS Version Field. 771 corresponds to 0x0303, which is TLS_1_2, and 65277 corresponds to 0xFEFD, which is DTLS_1_1.
You need to use sslVersion = TLSv1.2
Regards, Małgorzata Olszówka
Did you add the ciphers = config option in your stunnel service?
stunnel TLS Proxy https://www.stunnel.org/static/stunnel.html
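The point made in the replies above (TLS_DHE_RSA_WITH_* names are TLS 1.2 suites, which belong under ciphers with sslVersion = TLSv1.2, while ciphersuites accepts only TLS 1.3 names) can be checked mechanically. The following is an added example, not part of the thread or of stunnel: a small linter run over the options as posted. Its function and table names are hypothetical, and the mapping table covers only the two suites the thread names.

```python
# Added example (not from the thread): lint stunnel service options for TLS 1.2
# suite names placed in the TLS 1.3-only "ciphersuites" option.
# All function and table names here are hypothetical.

# Suite names defined for TLS 1.3; only these are valid in "ciphersuites".
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

# IANA name -> OpenSSL cipher-list name for the two suites the thread asks for.
IANA_TO_OPENSSL = {
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
}

# The options exactly as posted in the thread (second suite name as posted).
POSTED = """\
; Certificate/key is needed in server mode and optional in client mode
cert = ARB03.pem
key = ARB03.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
options = NO_SSLv3
sslVersion = TLSv1.3
ciphersuites = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA25
"""


def parse_options(text):
    """Collect 'key = value' pairs; skip blanks, ';' comments and [service] headers."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def lint(text):
    """Return (findings, tls12) where tls12 holds OpenSSL names for 'ciphers'."""
    opts = parse_options(text)
    findings, tls12 = [], []
    for value in opts.get("ciphersuites", []):
        for name in filter(None, value.split(":")):
            if name in TLS13_SUITES:
                continue
            if name in IANA_TO_OPENSSL:
                tls12.append(IANA_TO_OPENSSL[name])
                findings.append(f"{name}: TLS 1.2 suite, set it in 'ciphers' as "
                                f"{IANA_TO_OPENSSL[name]}")
            else:
                findings.append(f"{name}: not a TLS 1.3 suite name, not in mapping table")
    if tls12 and "TLSv1.3" in opts.get("sslVersion", []):
        findings.append("sslVersion = TLSv1.3 excludes TLS 1.2 suites; use TLSv1.2")
    return findings, tls12


def suggested_options(tls12):
    """Option lines matching the advice in the replies (TLS 1.2 plus 'ciphers')."""
    return ["sslVersion = TLSv1.2", "ciphers = " + ":".join(tls12)] if tls12 else []


if __name__ == "__main__":
    findings, tls12 = lint(POSTED)
    for f in findings:
        print("finding:", f)
    for line in suggested_options(tls12):
        print("suggest:", line)
```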