Hi Shannon,
From what I understand so far a minimum Cipher list of 'RC4:HIGH:!MD5:!aNULL' along with stopping the Client Renegotiating the ciphers seems to resolve the problem.
In Pound the patch allows for two new options to be set:
SSLHonorCipherOrder & SSLAllowClientRenegotiation
I've looked in the OpenSSL documentation but I don't seem to be able to find anything that has the same functionality although I'm no expert so I may have just over looked it.
~ScottOn 25 May 2012 14:30, Shannon Carver <shannon.carver@gmail.com> wrote:
I posted a similar question a few months back, but didnt' get a reply. Would love some more info on this!ShannonOn 25 May 2012 11:50, Scott McKeown <scott@loadbalancer.org> wrote:
_______________________________________________Hi All,
Has anyone looked at the current issue with the BEAST Attack.
I'm looking at https://www.ssllabs.com/ssltest/index.html which can be used for testing SSL Certificates I also use Pound Proxy which I have now patched and this has removed the threat.
However, I don't seem to be able to get the same result from a STunnel installation. If anyone can give some advice that would be great.
~Yours,
Scott
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users