[stunnel-users] stunnel, haproxy and ssl cert

Michal Trojnara Michal.Trojnara at mirt.net
Thu Feb 10 10:24:53 CET 2011

Amol wrote:
> What should be the ideal value for TIMEOUTclose ?

The default should be fine for security.

Microsoft decided to refuse to comply with the SSL specification ignore
close-notify SSL protocol alert be default:

You may use lower values (e.g. 0) to deal with broken Microsoft
implementations of SSL.  The error reported by stunnel means that you might
be affected by SSL truncation attack.  Microsoft decided to accept this
vulnerability.  You my do it as well or drop support for their broken
version of SSL.


More information about the stunnel-users mailing list