[stunnel-users] exclusively TLS
Jan Meijer
jan.meijer at surfnet.nl
Sat Jan 21 00:20:28 CET 2006
On Fri, 20 Jan 2006, Moehrke, John (GE Healthcare) wrote:
> It is not the list of ciphers that I want to choose from. We are indeed
> using a select set of ciphers and that seems to be working fine. My
> problem is that when stunnel connects to the server it is trying sslv3,
> and this causes an error as the server is only supporting TLS. I could
> easily be wrong...
Ah, that way.
    options = SSL_options
        OpenSSL library options

        The parameter is the OpenSSL option name as described in the
        SSL_CTX_set_options(3ssl) manual, but without SSL_OP_ prefix. Several
        options can be used to specify multiple options.

        For example for compatibility with erroneous Eudora SSL implementation
        the following option can be used:

            options = DONT_INSERT_EMPTY_FRAGMENTS
Check the SSL_CTX_set_options manpage, it says -amongst other things-:
    SSL_OP_NO_SSLv2
        Do not use the SSLv2 protocol.

    SSL_OP_NO_SSLv3
        Do not use the SSLv3 protocol.

    SSL_OP_NO_TLSv1
        Do not use the TLSv1 protocol.
That ought to do the trick I'd say.
Let us know if it did :)
Jan
--
http://www.surfnet.nl/organisatie/jame
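
Added example, not part of the original post or of stunnel itself: a small audit that reads a stunnel configuration and reports which services lack the protocol-disabling options named above, written without the SSL_OP_ prefix as the manual excerpt describes. The sample configuration, the service names and the rule that options placed before the first [section] apply to every service are assumptions made for this example.

```python
# Added example: audit stunnel "options = ..." lines for NO_SSLv2 / NO_SSLv3.
# Option names are written as in stunnel.conf, i.e. without the SSL_OP_ prefix.
REQUIRED = {"NO_SSLv2", "NO_SSLv3"}

# Constructed sample configuration (hypothetical services and hosts).
SAMPLE_CONF = """\
; constructed sample, not from the original thread
options = NO_SSLv2

[tls-only-client]
client = yes
accept = 127.0.0.1:8080
connect = server.example:443
options = NO_SSLv3

[legacy-client]
client = yes
accept = 127.0.0.1:8081
connect = server.example:443
options = DONT_INSERT_EMPTY_FRAGMENTS
"""

def parse_options(conf_text):
    """Return {section: set(option names)}; '' holds lines before any [section]."""
    sections = {"": set()}
    current = ""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, set())
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "options":
            sections[current].add(value.strip())  # one option name per line
    return sections

def missing_protocol_options(conf_text, required=REQUIRED):
    """Map each service to the required options it lacks.
    Assumption: options set before the first [section] apply to every service."""
    sections = parse_options(conf_text)
    inherited = sections.pop("")
    return {name: sorted(required - (opts | inherited))
            for name, opts in sections.items()}

if __name__ == "__main__":
    for service, missing in missing_protocol_options(SAMPLE_CONF).items():
        print(service, "OK" if not missing else "missing: " + ", ".join(missing))
```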