[stunnel-users] stunnel server configuration requirement to handle CBC protection

• Previous message (by thread): [stunnel-users] EXTERNAL: Re: stunnel server configuration requirement to handle CBC protection
• Next message (by thread): [stunnel-users] stunnel x forwarded not working
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2013-11-04 18:12, Simner, John wrote:
> To prevent man-in-the-middle attacks, the phone should be able to
> handle the fragmented TLS block when CBC protection is activated on
> the client tomcat server.
>
>  
>
> I have been unable to find the appropriate stunnel configuration item
> to support this.
>
> Please could you inform me how this is handled through stunnel.
>

There is no option to *enable* CBC protection, as this is the default.

Use "options = DONT_INSERT_EMPTY_FRAGMENTS" to disable this secure default.

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20131113/98ef037c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20131113/98ef037c/attachment.sig>

• Previous message (by thread): [stunnel-users] EXTERNAL: Re: stunnel server configuration requirement to handle CBC protection
• Next message (by thread): [stunnel-users] stunnel x forwarded not working
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]