[stunnel-users] server does not send its cert?

• Previous message (by thread): [stunnel-users] server does not send its cert?
• Next message (by thread): [stunnel-users] server does not send its cert?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Keresztfalvi Laszlo wrote:
> 2012.02.14 13:13:32 LOG6[87260:136504]: Negotiated ciphers: RC4-SHA 
> SSLv3
> Kx=RSA Au=RSA ENC=RC4(128) Mac=SHA1
>
> RC4 128-bit is not something that considered secure. I don't know why
> this was choosen but probably this caused that FIPS mode rejected the
> connection?

Contrary to popular belief, RC4-SHA is probably the most secure 
ciphersuite available in SSL/TLS.  In fact RC4 is the only SSL algorithm 
not vulnerable to the BEAST attack:
http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html

On the other hand it is easy to use RC4 in an insecure way.  Many 
products and protocols were broken because RC4 was used incorrectly.  
This is *not* the case for SSL/TLS.  No practical attacks are currently 
known against RC4-based SSL/TLS.

Mike

• Previous message (by thread): [stunnel-users] server does not send its cert?
• Next message (by thread): [stunnel-users] server does not send its cert?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]