[stunnel-users] SSLv3 not working with version 5.06

Josealf.rm josealf at rocketmail.com
Fri May 6 12:30:50 CEST 2016


Maybe Debian removed support for SSLv3 in its OpenSSL libraries. This protocol is now obsolete and should not be used.
If that is the case, you will need to compile your own OpenSSL with SSLv3 enabled.

Anyway, you should ask in a Debian forum.

Regards,
Jose 

> On 6 May 2016, at 4:16, Francois Pires <francois.pires at dalenys.com> wrote:
> 
> Hi all,
> 
> We need to use SSLv3, but with the Debian Jessie package version 5.06 this is
> not working.
> 
> I have added options -NO_SSLv3, still the same.
> 
> Can you check if my configuration is good and if you have any idea how to
> have SSLv3 working with this version.
> 
> 
> # stunnel.conf
> 
> syslog = no
> 
> cert = /etc/ssl/certs/test.crt.pem
> key = /etc/ssl/private/test.key.pem
> CAfile = /etc/ssl/certs/test.ca-bundle
> 
> # Protocol version (all, SSLv2, SSLv3, TLSv1)
> sslVersion = all
> options = -NO_SSLv3
> ciphers = AES256-SHA
> #ciphers = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
> 
> # Some debugging stuff useful for troubleshooting
> debug = 7
> output = /stunnel.log
> 
> # Debian and Ubuntu chroot config
> chroot = /var/lib/stunnel4/
> setuid = stunnel4
> setgid = stunnel4
> pid = /stunnel4.pid
> 
> # Some performance tunings
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> socket = l:SO_KEEPALIVE=1
> socket = r:SO_KEEPALIVE=1
> 
> [test]
> accept = 11443
> connect = 127.0.0.1:11444
> 
> 
> 
> # stunnel log with openssl test
> SSL_accept: 14076102: error:14076102:SSL
> routines:SSL23_GET_CLIENT_HELLO:unsupported protocol
> 
> openssl s_client -connect 127.0.0.1:11443 -ssl3
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 0 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : SSLv3
> Cipher : 0000
> Session-ID:
> Session-ID-ctx:
> Master-Key:
> Key-Arg : None
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1462525363
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> 
> -- 
> Cordialement,
> 
> François PIRES
> SysAdmin
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
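
The point made in the reply above, as an added example (not code from the thread or from stunnel): a configuration line can only request SSLv3, it cannot restore it in a TLS library built without it. The parser is a simplified reading of stunnel.conf, the "SSLv3 off unless cleared" baseline is an assumption, and `ssl.HAS_SSLv3` describes the OpenSSL that Python is linked against, assumed here to be the same system library stunnel uses.

```python
import ssl

# Constructed sample: the protocol-related lines of the configuration quoted above.
SAMPLE_CONF = """\
sslVersion = all
options = -NO_SSLv3
ciphers = AES256-SHA

[test]
accept = 11443
connect = 127.0.0.1:11444
"""

def parse_stunnel_conf(text):
    """Return {section: [(key, value), ...]}; global options go under 'global'."""
    sections, current = {"global": []}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def sslv3_requested(sections, service):
    """True if the config asks for SSLv3 on this service (service lines override global)."""
    # Assumed baseline: NO_SSLv3 is set until an "options = -NO_SSLv3" line clears it.
    version, no_sslv3 = "all", True
    for key, value in sections["global"] + sections.get(service, []):
        if key.lower() == "sslversion":
            version = value
        elif key.lower() == "options" and value.upper().lstrip("-") == "NO_SSLV3":
            no_sslv3 = not value.startswith("-")
    if version.lower() == "sslv3":
        return True
    return version.lower() == "all" and not no_sslv3

def audit(text, service, library_has_sslv3=ssl.HAS_SSLv3):
    # library_has_sslv3 defaults to Python's own OpenSSL build (assumption: same as stunnel's).
    wanted = sslv3_requested(parse_stunnel_conf(text), service)
    if wanted and not library_has_sslv3:
        return "config requests SSLv3 but the TLS library was built without it"
    if wanted:
        return "SSLv3 is enabled: obsolete protocol exposed"
    return "SSLv3 not requested"
```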



