[stunnel-users] Allowing only TLS 1.2 and 1.3

STOSSE Florian (SAFRAN AEROSYSTEMS) florian.stosse at safrangroup.com
Thu Jul 30 11:32:23 CEST 2020


Hello all,

 

I currently use the following parameters to achieve exactly the same objective:

 

sslVersionMin = TLSv1.2

sslVersionMax = TLSv1.3

 

In fact, here is my full tls.conf file:

 

; TLS Configuration file

 

sslVersionMin = TLSv1.2

sslVersionMax = TLSv1.3

ciphersuites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

curves = X25519:P-256:X448:P-521:P-384

options = NO_COMPRESSION

options = NO_TICKET

 

Nothing fancy, and it works as expected. Maybe you are overriding your parameters somewhere else ?

 

Best regards,

 

Florian Stosse

Information security engineer

Safran Electronics & Defense | Safran Data Systems | Space & Communication

 

Phone: +33 1 69 82 79 43 • Mobile : +33 6 48 11 16 12

 

Safran Data Systems

5, avenue des Andes - CS 90101

91978 Courtaboeuf Cedex, France

www.safran-electronics-defense.com

 

De : stunnel-users [mailto:stunnel-users-bounces at stunnel.org] De la part de Jorge Bastos
Envoyé : jeudi 30 juillet 2020 10:17
À : Thomas Eifert
Cc : stunnel-users at stunnel.org
Objet : Re: [stunnel-users] Allowing only TLS 1.2 and 1.3

 

Howdy,

; Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled
;           with OpenSSL 1.1.0 or later.

sslVersionMin = TLSv1.2

 

Produced no efect, openssl is 1.1.1g

any idea?

 

On 2020-07-30 0:54, Thomas Eifert wrote:

P.S.

There's also an sslVersionMax  if you feel you need it.

On 7/29/2020 5:20 PM, Jorge Bastos wrote:

Howdy,

I've been trying to configure stunnel to provide only TLS 1.2 and 1.3, but no sucess.
I have the configuration bellow, what could i be doing wrong?

Thanks in advanced,

sslVersion = all
options    = NO_SSLv2
options    = NO_SSLv3
options    = NO_TLSv1
options    = NO_TLSv1.1

 

 

 

 

 

 





_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

 

-- 
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.

 

_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

 

#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200730/ae9f14f0/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 12387 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200730/ae9f14f0/attachment-0001.bin>


More information about the stunnel-users mailing list