Unable to connect after upgrade of server

All,

I upgraded one of my servers from Debian stretch to Debian buster yesterday and I've been unable to establish stunnel connections to it since then.

When I connect, I get this log message on the server end:

    LOG5[0]: Service [svn-name] accepted connection from [client ip]:45382
    LOG5[0]: Certificate accepted at depth=0: [cert dn]
    LOG3[0]: SSL_accept: 1414D17A: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve
    LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

We are using EC certs and it's complaining about a curve. So, probably curve-related :)

Our private key on the client side is using the secp256k1 curve. The client is using OpenSSL 1.0.2. The server is running OpenSSL 1.1.1. Both client and server support secp256k1.

I tried specifying:

    curves = secp256k1

on the server side, but stunnel won't start, telling me that the configuration option isn't valid. I tried it in the global scope, and also in the service-scope and got the same error.

Am I missing something?

Minting new certificates (e.g. using prime256v1/secp256r1) is definitely an option, as my client openssl says it supports the NIST P-256 curve.

    $ openssl ecparam -list_curves
      secp256k1 : SECG curve over a 256 bit prime field
      secp384r1 : NIST/SECG curve over a 384 bit prime field
      secp521r1 : NIST/SECG curve over a 521 bit prime field
      prime256v1: X9.62/SECG curve over a 256 bit prime field

That last one is NIST P-256.

Is my best bet to mint a new certificate? Or is it possible to configure the server to allow this secp256k1 curve?

-chris
participants (1)
-
Christopher Schultz
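
Added example, not part of the original post: shell helpers that report which named curve a certificate's EC key uses, compare it with a list of acceptable curves, and mint a replacement key and self-signed certificate on a chosen curve, which is the option the post considers. The function names, the `ALLOWED_GROUPS` default (the NIST curves in OpenSSL 1.1.1's built-in default group list) and the certificate subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). All function names are hypothetical.
# ALLOWED_GROUPS is an assumption: the NIST curves in OpenSSL 1.1.1's default
# group list, spelled the way `openssl x509 -text` prints them.
ALLOWED_GROUPS="${ALLOWED_GROUPS:-prime256v1 secp384r1 secp521r1}"

# Print the named curve of the EC public key in a PEM certificate.
# Prints nothing for non-EC keys or keys with explicit curve parameters.
cert_curve() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# Return 0 if the curve name in $1 appears in ALLOWED_GROUPS.
curve_allowed() {
    for g in $ALLOWED_GROUPS; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# Report on one certificate: 0 = curve allowed, 1 = not allowed, 2 = no named curve.
check_cert() {
    curve=$(cert_curve "$1")
    if [ -z "$curve" ]; then
        echo "$1: no named EC curve found"
        return 2
    fi
    if curve_allowed "$curve"; then
        echo "$1: $curve is in the allowed list"
    else
        echo "$1: $curve is NOT in the allowed list"
        return 1
    fi
}

# Mint an EC key on curve $1 and a self-signed certificate for it.
# $2 = key output path, $3 = certificate output path. The subject is constructed.
mint_cert() {
    openssl ecparam -name "$1" -genkey -noout -out "$2" &&
    openssl req -new -x509 -sha256 -key "$2" -days 30 \
        -subj "/CN=constructed-test-client" -out "$3"
}

# Usage: check_cert client.pem
#        mint_cert prime256v1 new-client.key new-client.pem
```

A certificate issued by a CA would replace the self-signed step in `mint_cert` with a CSR; the curve check works the same on the issued certificate.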