Discussion:
[stunnel-users] SSLv3 not working with version 5.06
Francois Pires
2016-05-06 09:16:39 UTC
Hi all,

We need to use SSLv3, but with the Debian Jessie package version 5.06 this is
not working.

I have added options -NO_SSLv3; still the same.

Can you check whether my configuration is good, and whether you have any idea
how to get SSLv3 working with this version?


# stunnel.conf

syslog = no

cert = /etc/ssl/certs/test.crt.pem
key = /etc/ssl/private/test.key.pem
CAfile = /etc/ssl/certs/test.ca-bundle

# Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
options = -NO_SSLv3
ciphers = AES256-SHA
#ciphers = ***@STRENGTH:***@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL

# Some debugging stuff useful for troubleshooting
debug = 7
output = /stunnel.log

# Debian and Ubuntu chroot config
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid

# Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1

[test]
accept = 11443
connect = 127.0.0.1:11444



# stunnel log with openssl test
SSL_accept: 14076102: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol

openssl s_client -connect 127.0.0.1:11443 -ssl3
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1462525363
Timeout : 7200 (sec)
Verify return code: 0 (ok)
--
Cordialement,

François PIRES
SysAdmin
Josealf.rm
2016-05-06 10:30:50 UTC
Maybe Debian removed support for SSLv3 in its OpenSSL libraries. This protocol is now obsolete and should not be used.
If that is the case, you will need to compile your own OpenSSL with SSLv3 enabled.

Anyway, you should ask in a Debian forum.

Regards,
Jose
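
An added example, not part of the original thread: a Python check that sends a raw SSLv3 ClientHello to the stunnel listener and classifies the first record of the reply, so the result does not depend on whether the local openssl client still supports -ssl3. The function names are hypothetical, the address and the AES256-SHA suite (0x0035) come from the posted configuration, and the sample replies are constructed.

```python
import os
import socket
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def sslv3_client_hello(suite=0x0035):
    """Build an SSLv3 ClientHello record offering one suite (0x0035 = AES256-SHA)."""
    body = struct.pack(">H", 0x0300) + os.urandom(32)    # client_version, random
    body += b"\x00"                                       # empty session_id
    body += struct.pack(">HH", 2, suite)                  # cipher_suites: length, suite
    body += b"\x01\x00"                                   # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack(">BHH", 0x16, 0x0300, len(handshake)) + handshake

def classify_reply(data):
    """Interpret the first record of the server's reply."""
    if len(data) < 7:
        return "no-reply"            # closed or reset before any record arrived
    if data[0] == 0x15:              # alert record: level at [5], description at [6]
        return "alert:" + ALERTS.get(data[6], str(data[6]))
    if data[0] == 0x16 and data[5] == 0x02 and len(data) >= 11:
        ver = struct.unpack(">H", data[9:11])[0]   # ServerHello.server_version
        return "server-hello:" + VERSIONS.get(ver, hex(ver))
    return "unexpected"

def probe(host="127.0.0.1", port=11443, timeout=5.0):
    """Send the ClientHello to the listener (address taken from the posted config)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(sslv3_client_hello())
            return classify_reply(s.recv(4096))
    except (ConnectionResetError, BrokenPipeError):
        return "no-reply"            # matches the errno=104 reset in the posted output

# Constructed sample replies (not captured from a real server).
SAMPLE_ALERT = bytes.fromhex("15030000020228")
SAMPLE_HELLO = (b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00"
                + bytes(32) + b"\x00\x00\x35\x00")

if __name__ == "__main__":
    print(probe())
```

A result of "server-hello:SSLv3" means the server side completed the version negotiation; an alert or "no-reply" means SSLv3 was refused.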