[stunnel-users] the connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues :(

Michal Trojnara Michal.Trojnara at mirt.net
Fri Apr 6 12:53:46 CEST 2012

Thomas Manson wrote:
> gmail for example has AES_128_CBC for crypting,
> can we get that without much effort?

Of course.  The option you want is:
     ciphers = AES128-SHA

BTW: Bear in mind that CBC-based ciphers are vulnerable to the Beast 
attack, and thus *less* secure than stunnel default.


More information about the stunnel-users mailing list