Hello,
To add TLS 1.3 compatibility on Stunnel, the following patch was applied and tested.
--- options.c.orig 2018-03-13 04:06:01.410477727 +0000
+++ options.c 2018-03-13 05:42:51.883782519 +0000
@@ -2675,6 +2675,18 @@ NOEXPORT char *parse_service_option(CMD
 #else /* defined(OPENSSL_NO_TLS1_2) */
 return "TLSv1.2 not supported";
 #endif /* !defined(OPENSSL_NO_TLS1_2) */
+ } else if(!strcasecmp(arg, "TLSv1.3")) {
+#ifndef OPENSSL_NO_TLS1_3
+ section->client_method=(SSL_METHOD *)TLS_client_method();
+ section->server_method=(SSL_METHOD *)TLS_server_method();
+ section->ssl_options_set|= SSL_OP_NO_SSLv2;
+ section->ssl_options_set|= SSL_OP_NO_SSLv3;
+ section->ssl_options_set|= SSL_OP_NO_TLSv1;
+ section->ssl_options_set|= SSL_OP_NO_TLSv1_1;
+ section->ssl_options_set|= SSL_OP_NO_TLSv1_2;
+#else /* defined(OPENSSL_NO_TLS1_3) */
+ return "TLSv1.3 not supported";
+#endif
 #endif /* OPENSSL_API_COMPAT<0x10100000L */
 } else
 return "Incorrect version of TLS protocol";
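Review bot: The new `TLSv1.3` branch pins the protocol only by OR-ing `SSL_OP_NO_*` bits into `section->ssl_options_set`, so the TLS 1.3 floor holds only as long as nothing later clears those bits, and the version-flexible `TLS_client_method()`/`TLS_server_method()` would otherwise negotiate older protocols. Setting the floor with `SSL_CTX_set_min_proto_version()` and `TLS1_3_VERSION` where the context is created (outside this hunk) would be more robust than the exclusion mask; at minimum add a comment such as `/* version-flexible method: TLS 1.3 is enforced solely by excluding every older protocol */`. The branch also appears to sit inside the region closed by `#endif /* OPENSSL_API_COMPAT<0x10100000L */`, so a build with a newer API-compat level would presumably drop it and fall through to "Incorrect version of TLS protocol"; this needs checking against the full `parse_service_option` body, which starts and ends outside the hunk. The added `#endif` also lacks the `/* !defined(OPENSSL_NO_TLS1_3) */` trailer that the neighbouring TLSv1.2 block uses.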
Please see this link for more info about the test for TLS 1.3 https://gist.github.com/jmutkawoa/c97f5d67ded592f6ad04389a3ade623e
Regards
Nitin J Mutkawoa
https://tunnelix.com https://hackers.mu
Twitter: @TheTunnelix