Hi Michal,

Thanks for following this up.

I'm using the latest build of STunnel v4.53 as shown below (I check the site once a week just to make sure too)

# stunnel -version
stunnel 4.53 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6
 
Global options:
debug           = daemon.notice
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
 
Service-level options:
ciphers         = FIPS (with "fips = yes")
ciphers         = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
session         = 300 seconds
sslVersion      = TLSv1 (with "fips = yes")
sslVersion      = TLSv1 for client, all for server (with "fips = no")
stack           = 65536 bytes
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none


I've also included a copy of my stunnel.cfg file below:
# more /etc/stunnel/stunnel.cfg
# STunnel configuration file generated by loadbalancer.org appliance
setgid = nobody
pid = /stunnel.pid
debug = 0

[S1]
    accept = 192.168.82.182:443
    connect = 192.168.82.181:81
    cert = /etc/loadbalancer.org/certs/S1.pem
    ciphers = RC4:HIGH:!MD5:!aNULL
    options = NO_SSLv2
    protocol = proxy

I'm looking to include the STunnel Product within our Loadbalancer Appliance in our next upcoming release but with everyone now using the SSL checker that I mentioned in one of my last e-Mails more customers are becoming concerned about MITM Attacks etc. so I would really like to get this solved before I move forward with the project.

Oh, I guess I should also mention that this is running on a Centos 6.2 box.


~Yours,
Scott