[stunnel-users] Problem with sslv2 clients

Michal Trojnara Michal.Trojnara at mirt.net
Fri Dec 16 15:02:11 CET 2011


Markus Borst (HRZ) wrote:
> Since the use of these options in this combination is not clear from
> the documentation, I have a few suggestions to update the docs:

Writing documentation is something I'm not really good at.  Feel free
to contribute any updates to the manual (stunnel.pod).

> As a longer term enhancement, I suggest making the "sslVersion"
> option multi-valued.

Unfortunately this is not really technically feasible due to 
limitations of the SSL/TLS protocol itself.  8-)
https://www.ietf.org/rfc/rfc2246.txt

> And the above configuration should go as an example into the default
> config file, since this particular combination ("sslVersion=all" AND
> "options=NO_SSLv2") is a bit counter-intuitive.

This is actually quite simple:
  - sslVersion is about the version of SSL/TLS protocol specification
  - options is about internal OpenSSL tweaks:
    http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
    I don't think it's a good idea to reproduce this manual in stunnel.

Mike




