[stunnel-users] stunnel keeps using SSLv3 even after disabling it

Or Yarimi or at marketspulse.com
Wed Feb 4 11:15:15 CET 2015


Hi,

I'm using stunnel to communicate with FIX server.
In order to do that, I disabled SSLv2 and SSLv3 and set the sslVersion to
TLSv1.

It seems like stunnel keeps trying using SSLv3 handshake, which isn't
working.

This is the configuration:
client = yes
debug = 7
output=stunnel.log
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Turning for LMAX
options = NO_SSLv2
options = NO_SSLv3

[LMAX-fix-tunnel-DEMO-Trading]
sslVersion = TLSv1
accept = 40001
connect = fix-ate.lmaxtrader.com:443

stunnel log:
2015.02.04 12:10:31 LOG7[12516]: Service [LMAX-fix-tunnel-DEMO-MktData]
started
2015.02.04 12:10:31 LOG5[12516]: Service [LMAX-fix-tunnel-DEMO-MktData]
accepted connection from 127.0.0.1:59475
2015.02.04 12:10:31 LOG6[12516]: s_connect: connecting 91.215.165.69:443
2015.02.04 12:10:31 LOG7[12516]: s_connect: s_poll_wait 91.215.165.69:443:
waiting 10 seconds
2015.02.04 12:10:31 LOG5[12516]: s_connect: connected 91.215.165.69:443
2015.02.04 12:10:31 LOG5[12516]: Service [LMAX-fix-tunnel-DEMO-MktData]
connected remote server from 10.0.0.62:59476
2015.02.04 12:10:31 LOG7[12516]: Remote socket (FD=620) initialized
2015.02.04 12:10:31 LOG6[12516]: SNI: sending servername:
fix-md-ate.lmaxtrader.com
2015.02.04 12:10:31 LOG7[12516]: SSL state (connect): before/connect
initialization
2015.02.04 12:10:31 LOG7[12516]: SSL state (connect): SSLv3 write client
hello A

Already burned around 4 hours understanding what I'm doing wrong, will be
glad if you could help me.

Thanks in advance,
Or.

-- 


*Attention:*
This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error, please notify the 
sender immediately by replying to this message, and delete the original 
message from your system without making a copy. 
This e-mail is attributed to the sender and does not necessarily reflect 
the view of Markets Pulse P.S. Ltd. or any affiliate.

 

Please consider the environment before printing this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150204/fc268a14/attachment.html>


More information about the stunnel-users mailing list