[stunnel-users] BEAST Attack
Scott McKeown
scott at loadbalancer.org
Wed May 30 12:14:25 CEST 2012
Hi Michal,
Thanks for following this up.
I'm using the latest build of STunnel v4.53 as shown below (I check the
site once a week just to make sure too)
# stunnel -version
stunnel 4.53 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6
Global options:
debug = daemon.notice
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips
= no")
session = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
I've also included a copy of my stunnel.cfg file below:
# more /etc/stunnel/stunnel.cfg
# STunnel configuration file generated by loadbalancer.org appliance
setgid = nobody
pid = /stunnel.pid
debug = 0
[S1]
accept = 192.168.82.182:443
connect = 192.168.82.181:81
cert = /etc/loadbalancer.org/certs/S1.pem
ciphers = RC4:HIGH:!MD5:!aNULL
options = NO_SSLv2
protocol = proxy
I'm looking to include the STunnel Product within our Loadbalancer
Appliance in our next upcoming release but with everyone now using the SSL
checker that I mentioned in one of my last e-Mails more customers are
becoming concerned about MITM Attacks etc. so I would really like to get
this solved before I move forward with the project.
Oh, I guess I should also mention that this is running on a Centos 6.2 box.
~Yours,
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120530/47839436/attachment.html>
More information about the stunnel-users
mailing list