jaykishanmutkawoa

1.The stunnel beta version was compiled with openssl-dev 1.1

[root@localhost stunnel-5.43]# /usr/local/bin/stunnel version
[ ] Clients allowed=500
[.] stunnel 5.43 on x86_64-pc-linux-gnu platform
[.] Compiled/running with OpenSSL 1.1.1-dev  xx XXX xxxx
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*__errno_location ())

2.My stunnel configuration as follows:

jaykishanmutkawoa

Stunnel running without the patch.

1. My stunnel.conf
=============================================================================================
[root@localhost ~]# cat /etc/stunnel/stunnel.conf
chroot = /var/run/stunnel
setuid = stunnel
setgid = stunnel
pid = /stunnel.pid
debug = 7

jaykishanmutkawoa

On server
socat OPENSSL-LISTEN:443,reuseaddr,cert=/etc/server.pem,cafile=/etc/client.crt echo

On client
socat stdio OPENSSL-CONNECT:Socat-TLS-Server:443,cert=/etc/client.pem,cafile=/etc/server.crt

Wirehark was launched, and we can noticed the tls 1.2 handshake

jaykishanmutkawoa

root@Socat-TLS-Client:~/tls13_new/socat-1.7.3.2# diff -uNp sslcls.c.orig sslcls.c
--- sslcls.c.orig       2018-03-17 10:47:30.239634794 -0400
+++ sslcls.c    2018-03-17 04:40:53.144981137 -0400
@@ -147,6 +147,26 @@ const SSL_METHOD *sycTLSv1_2_server_meth
 }
 #endif

+#if HAVE_TLSv1_3_client_method
+const SSL_METHOD *sycTLSv1_3_client_method(void) {
+   const SSL_METHOD *result;

jaykishanmutkawoa

--- SSLSocket.c.orig    2018-03-18 01:35:55.748629591 -0400
+++ SSLSocket.c 2018-03-18 01:46:42.564598773 -0400
@@ -264,6 +264,9 @@ char* SSLSocket_get_version_string(int v
 #if defined(TLS3_VERSION)
                { TLS3_VERSION, "TLS 1.2" },
 #endif
+#if defined(TLS4_VERSION)
+               { TLS4_VERSION, "TLS 1.3" },
+#endif
        };

jaykishanmutkawoa

The OpenSSL was compiled accordingly.

==============
[root@TLS1-3 curl]# openssl version
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
=============


PHP was also compiled.