[stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3

Michal Trojnara Michal.Trojnara at mirt.net
Thu Jan 29 12:12:59 CET 2015


Hi Sebastian,

The ChangeLog does not say anything about disabling SSLv3:
http://rpmfind.net/linux/RPM/centos/updates/6.6/x86_64/Packages/stunnel-4.29-3.el6_6.1.x86_64.html
I guess it may be disabled in the OpenSSL rather than in stunnel.

Anyway, if you connect stunnel with some software that's so old that it
doesn't support TLS, the software is almost certainly no longer
supported, and most likely vulnerable to attacks.  This is a serious risk!

Mike

On 29.01.2015 11:58, Sebastian Ochsenkühn wrote:
>
> Hi Mike,
>
>
> thanks for your fast response, but I think there is a big issue.
>
> The latest version that is available in the CENTOS 6 Base Repo is
> "stunnel-4.29-3.el6_6.1.x86_64"  - In this version the SSLv3 is
> disabled by default, but there is not option to enable it.
>
>
> I hope you understand my situation :-) 
>
>
>
>
>
> ------------------------------------------------------------------------
> *Von:* stunnel-users <stunnel-users-bounces at stunnel.org> im Auftrag
> von Michal Trojnara <Michal.Trojnara at mirt.net>
> *Gesendet:* Donnerstag, 29. Januar 2015 11:44
> *An:* stunnel-users at stunnel.org
> *Betreff:* Re: [stunnel-users] Centos 6.6 Final
> stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
>  
> Hi Sebastian,
>
> My documentation describes the latest version of stunnel.  For an old
> version please refer to the appropriate manual page distributed with
> the specific version you're using.
>
> Mike
>
> On 29.01.2015 11:40, Sebastian Ochsenkühn wrote:
>>
>> Hi,
>>
>>
>> I have a big problem with the new stunnel version on CentOS
>> 6.6 (stunnel-4.29-3.el6_6.1.x86_64) that is available in the CentOS
>> base repository.
>>
>>
>> You describe in your documentation that SSLv3 is disabled by default.
>>  -> OK for me, but I need SSLv3 and the option with -NO_SSLv3 is not
>> working​!
>>
>> PS: this is also not working with -NO_SSLv2 option.
>>
>>
>> options = -NO_SSLv3 = NOT Working
>>
>>
>> option = NO_SSLv3 = Working.
>>
>>
>> Currently i have installed an older version, where the SSLv3
>> protocoll is not disabled by default.
>>
>>
>> Is there anything that I'm doing wrong? 
>>
>>
>> Thanks and Regards,
>>
>> Sebastian.
>>
>>
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150129/1490958c/attachment.html>


More information about the stunnel-users mailing list