[stunnel-users] Exchange Online - SSLv3 and Sophos UTM 120 firewall update

Michal Trojnara Michal.Trojnara at mirt.net
Fri Oct 31 17:02:11 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Hogan wrote:
> That's very good news... so I presume the line:
> 
> 2014.10.28 14:35​​:55 LOG6[4156]: Negotiated TLSv1 ciphersuite 
> ECDHE-RSA-AES256-SHA (256-bit encryption)
> 
> ... is the confirmation that the TLS protocol is being used?

I changed this recently.  Starting with stunnel 5.06 it indeed means
"TLSv1 was negotiated".

In older versions of stunnel it used SSL_CIPHER_get_version()
https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html
> SSL_CIPHER_get_version() returns string which indicates the SSL/TLS
> protocol version that first defined the cipher. This is currently
> SSLv2 or TLSv1/SSLv3. In some cases it should possibly return
> ``TLSv1.2'' but does not; use SSL_CIPHER_description() instead. If
> cipher is NULL, ``(NONE)'' is returned.

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRTsoMACgkQ/NU+nXTHMtFT8ACfWd9eU2SuT1fHykF52R7O0eK3
H0AAoL7jR1qwaPpA28TpG9B4mQc6a4cK
=pIXz
-----END PGP SIGNATURE-----



More information about the stunnel-users mailing list