[stunnel-users] the connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues :(

Thomas Manson dev.mansonthomas at gmail.com
Fri Apr 6 12:37:48 CEST 2012


Hi,

 while I'm trying to get stunnel working for more than a few hours, I've
also notice this warning in google chrome :


the connection had to be retried using SSL 3.0. This typically means that
> the server is using very old software and may have other security issues.


[image: Inline image 1]

gmail for example has AES_128_CBC for crypting, can we get that without
much effort?


What should be set to get rid of this warning ?
I thought SSL v3 was the best (quickly pick acrross several example on the
net)
what is the best setting for this  ?

Thanks for your help,
Thomas.

My config :

debug = 7
output = /var/log/stunnel4/extranet.service.com_stunnel.log
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/extranet.service.com.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1


[extranet.service.com]
key           = /etc/stunnel/sites/extranet.service.com/extranet.service.com.key
cert          = /etc/stunnel/sites/extranet.service.com/extranet.service.com.crt
accept        = 8.90.17.4:443
connect       = 127.0.0.1:82
sslVersion = SSLv3
TIMEOUTclose  = 0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120406/f681a194/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: https.png
Type: image/png
Size: 18436 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120406/f681a194/attachment.png>


More information about the stunnel-users mailing list