[stunnel-users] SSLv3 not working with version 5.06

[Francois Pires]

Hi all,

We need use of sslv3 but with debian Jessie package version 5.06 this is
not working.

I have add options -NO_SSLv3 still same.

Can you check if my configuration is good and if you have any idea to
have sslv3 working with this verison.


# stunnel.conf

syslog = no

cert = /etc/ssl/certs/test.crt.pem
key = /etc/ssl/private/test.key.pem
CAfile = /etc/ssl/certs/test.ca-bundle

# Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
options = -NO_SSLv3
ciphers = AES256-SHA
#ciphers = ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL

# Some debugging stuff useful for troubleshooting
debug = 7
output = /stunnel.log

# Debian and Ubuntu chroot config
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid

# Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1

[test]
accept = 11443
connect = 127.0.0.1:11444



# stunnel log with openssl test
SSL_accept: 14076102: error:14076102:SSL
routines:SSL23_GET_CLIENT_HELLO:unsupported protocol

openssl s_client -connect 127.0.0.1:11443 -ssl3
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1462525363
Timeout : 7200 (sec)
Verify return code: 0 (ok)

-- 
Cordialement,

François PIRES
SysAdmin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160506/b0bd63cc/attachment.sig>