[stunnel-users] [PATCH] TLS 1.3 Compatibility

Nitin Mutkawoa jmutkawoa at hackers.mu
Tue Mar 13 18:44:21 CET 2018


Hello,

To add TLS 1.3 compatibility on Stunnel, the following patch was applied
and tested.

--- options.c.orig 2018-03-13 04:06:01.410477727 +0000
+++ options.c 2018-03-13 05:42:51.883782519 +0000
@@ -2675,6 +2675,18 @@ NOEXPORT char *parse_service_option(CMD
#else /* defined(OPENSSL_NO_TLS1_2) */
return "TLSv1.2 not supported";
#endif /* !defined(OPENSSL_NO_TLS1_2) */
+ } else if(!strcasecmp(arg, "TLSv1.3")) {
+#ifndef OPENSSL_NO_TLS1_3
+ section->client_method=(SSL_METHOD *)TLS_client_method();
+ section->server_method=(SSL_METHOD *)TLS_server_method();
+ section->ssl_options_set|= SSL_OP_NO_SSLv2;
+ section->ssl_options_set|= SSL_OP_NO_SSLv3;
+ section->ssl_options_set|= SSL_OP_NO_TLSv1;
+ section->ssl_options_set|= SSL_OP_NO_TLSv1_1;
+ section->ssl_options_set|= SSL_OP_NO_TLSv1_2;
+#else /* defined(OPENSSL_NO_TLS1_3) */
+ return "TLSv1.3 not supported";
+#endif
#endif /* OPENSSL_API_COMPAT<0x10100000L */
} else
return "Incorrect version of TLS protocol";
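
Review bot: the `#ifndef OPENSSL_NO_TLS1_3` guard on the new branch does not prove the library can speak TLS 1.3. OpenSSL headers that predate TLS 1.3 never define that macro, so the branch is compiled in there as well. With SSLv2 through TLSv1.2 all masked off by the `SSL_OP_NO_*` flags, such a build would accept `TLSv1.3` in the config and then have no protocol version left to negotiate, instead of returning "TLSv1.3 not supported". Testing for `TLS1_3_VERSION` (defined by headers that know TLS 1.3) in addition to the `OPENSSL_NO_TLS1_3` check would make the error path reachable. Two smaller points: judging from the closing `#endif /* OPENSSL_API_COMPAT<0x10100000L */`, the branch sits inside the legacy-API conditional while calling `TLS_client_method()` and `TLS_server_method()`, so the placement is worth confirming against the opening `#if`; and the new bare `#endif` should carry a `/* !defined(OPENSSL_NO_TLS1_3) */` comment like its neighbours. On OpenSSL 1.1.0 and later, `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` express the version pin more directly than stacking five `SSL_OP_NO_*` flags.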

Please see this link for more info about the test for TLS 1.3
https://gist.github.com/jmutkawoa/c97f5d67ded592f6ad04389a3ade623e

Regards

Nitin J Mutkawoa

https://tunnelix.com
https://hackers.mu

Twitter: @TheTunnelix