[stunnel-users] default ciphers in stunnel 4.43 vs. stunnel 4.33

Brian Peterson brian.j.peterson at gmail.com
Fri Oct 14 20:46:19 CEST 2011


I recently upgraded stunnel from 4.33 to 4.43 and immediately noticed
problems with a particular client trying to connect to my servers. It
appears that the client only supports SSLv2 (about which I will be talking
to the client developers). In reviewing the stunnel release notes, I find
that "!SSLv2" was first added to the default ciphers value in 4.37 and was
retained in the default ciphers value in 4.40. What I am trying to find out
at this point is what the default cipher list would have been under 4.33.

I have grep'd the sources and found STUNNEL_CIPHER_LIST in options.c for
4.43, but there is no corresponding default ciphers config in 4.33. It
*appears* that 4.33 is inheriting its default ciphers from whatever the
installed OpenSSL uses by default. Is that correct?

If I set ciphers to "ALL" under 4.43 would the running stunnel be using the
same cipher list as the 4.33 build we were running previously?


P.S. - No need to discuss the wisdom of our cipher list at the moment... I
just want to get this client functioning and then worry about The Right
Thing To Do.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20111014/92872ea7/attachment.html>

More information about the stunnel-users mailing list