[stunnel-users] stunnel with TLSv1.2 ciphers

Leandro Avila leandro.avila at ymail.com
Mon Dec 8 21:39:35 CET 2014




 Jeremy,

Does imtest have support for the ciphers that you want to use?

If you increase the stunnel log level you should see more details about
the TLS handshake.

My guess is that imtest does not support the newest cipher that you are using.

Have you tested with openssl s_client? 

Cheers----------------- 
Leandro Avila


On Friday, December 5, 2014 8:32 AM, Jérémy WILLIAME <jeremy.williame at ovh.net> wrote:


>
>
>Hi,
>
>I want to use stunnel with TLSv1.2 ciphers but it doesn't work.
>I use stunnel 5.07 compiled from source with prefix /opt/stunnel and
    lastest openssl (1.0.1j)
>
>This is my main configuration file:
>
>chroot = /opt/stunnel/var/lib/stunnel/
>pid = /stunnel4.pid
>cert = /opt/stunnel/etc/blabla/bla.pem
>key  = /opt/stunnel/etc/blabla/bla.key
>ciphers = ECDHE-ECDSA-AES256-GCM-SHA384
>options = NO_SSLv2
>[imaps]
>accept  = 993
>connect = 143
>
>I had to use one of this ciphers:
>ECDHE-ECDSA-AES256-GCM-SHA384
>ECDHE-ECDSA-AES256-SHA384
>DHE-RSA-AES256-GCM-SHA384
>
>When i tried to use imaps connection over stunnel :
>root at bla: imtest -a homer -w homer -p 993 -s localhost  
>SSL_connect error 0
>SSL session removed
>failure: TLS negotiation failed
>
>if i use a SSLv3 cipher it works.
>root at bla: imtest -a homer -w homer -p 993 -s
    localhost                       
>verify error:num=18:self signed certificate
>TLS connection established: TLSv1 with cipher DHE-RSA-AES128-SHA
    (128/128 bits)
>
>
>Someone have any idea ?
>Thanks.
>Jeremy
>
>_______________________________________________
>stunnel-users mailing list
>stunnel-users at stunnel.org
>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
>



More information about the stunnel-users mailing list