[stunnel-users] dhparam and others

mlrx stunnel.org at 18informatique.com
Sat Mar 2 15:49:45 CET 2019


Hello,

This is my first run with stunnel.

I have unbound and stunnel on openBSD to do DNS-over-TLS
and it works (fine).

I want now to enforce TLS security so I added the following
options:
sslVersion = TLSv1.2
options = CIPHER_SERVER_PREFERENCE
ciphers = [list]
curve = [name]

When it will be ready to production, I will add:
verify = 3
CA*
OCSP*

For now, I don't find any information about using dhparam file.
Something like SSLOpenSSLConfCmd DHParameters "/path/to/file.pem"
in Apache.
How can I do it possible? Could you point me some informations or
the path to do it please?
Could you confirm that I can't use TLS1.3 for now in stunnel?
May be you could have some security advices ?

Best regards,
-- 
mlrx


More information about the stunnel-users mailing list