[stunnel-users] the connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues :(

Thomas Manson dev.mansonthomas at gmail.com
Tue Apr 10 13:55:33 CEST 2012


Ok,

but the same browser accross different machine will not do the same.

Still strange to me.

(same behavior with stunnel 4.53 and 4.35, so as you said, it seems a
client related behavior)

Regards,
Thomas.

On Tue, Apr 10, 2012 at 04:33, Leandro Avila <leandro.avila at ymail.com>wrote:

> Thomas,
>
> The most likely cause for the different algorithms is the use of different
> libraries.
>
> Stunnel uses OpenSSL
> Mozilla uses NSS
> Not sure what Google Chrome uses.
>
> Each library implements different cipher suites. So each browser might
> select different ciphers to connect
> to the same server.
>
>
> -----------------
> Leandro Avila
>
>
> ________________________________
> From: Thomas Manson <dev.mansonthomas at gmail.com>
> To: Michal Trojnara <Michal.Trojnara at mirt.net>
> Cc: stunnel-users at stunnel.org
> Sent: Friday, April 6, 2012 6:35 AM
> Subject: Re: [stunnel-users] the connection had to be retried using SSL
> 3.0. This typically means that the server is using very old software and
> may have other security issues :(
>
>
> Hi Mike,
>
>  thanks for the explanation.
>
>  So according to you, I should set anything to use the stunnel defaults?
> what's very strange is that from another PC (a colleague)
>
>     * google chrome I don't see the same crypting technology
> (CAMELLIA_256_CBC, Firefox report the same)
>     * says the certificate can't be approved.(in another firefox too)
>     * I've asked her to flush dns cache and retry
>
> On my desktop compter I get the same crypting but no certificate error
>
> On my laptop : I've the crypting I've reported in my first post. and the
> warning..;
>
>
> Any idea why the crypting are different ? (chrome versions are different
> on minor versions, same version for Firefox)
>
> Thomas.
>
>
>
> On Fri, Apr 6, 2012 at 12:53, Michal Trojnara <Michal.Trojnara at mirt.net>
> wrote:
>
>    ciphers = AES128-SHA
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120410/2c2d96e1/attachment.html>


More information about the stunnel-users mailing list