[stunnel-users] ssl renegotiation

• Previous message (by thread): [stunnel-users] ssl renegotiation
• Next message (by thread): [stunnel-users] Enhance description of transparent mode in FAQ
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/25/2010 05:42 AM, Joe Williams wrote:
>
> Got it, so there's no way to configure stunnel to disable it without building a new openssl from source. I was thinking there might be an SSL option I could pass in.
>
That kind of feature was only introduced into the newer versions of
OpenSSL, so by definition, older versions can't have an option to
disable it ;-)

FYI I still have to run fully patched Apache with
"SSLInsecureRenegotiation on" due to MSIE still not supporting proper
optional client cert renegotiation. It's only *2 years* since the
vulnerability was discovered...

(Chrome, Firefox are fine of course)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

• Previous message (by thread): [stunnel-users] ssl renegotiation
• Next message (by thread): [stunnel-users] Enhance description of transparent mode in FAQ
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]