[stunnel-users] BEAST Attack

Scott McKeown scott at loadbalancer.org
Wed May 30 12:14:25 CEST 2012

Hi Michal,

Thanks for following this up.

I'm using the latest build of STunnel v4.53 as shown below (I check the
site once a week just to make sure too)

# stunnel -version
stunnel 4.53 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6

Global options:
debug           = daemon.notice
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options:
ciphers         = FIPS (with "fips = yes")
ciphers         = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips
= no")
session         = 300 seconds
sslVersion      = TLSv1 (with "fips = yes")
sslVersion      = TLSv1 for client, all for server (with "fips = no")
stack           = 65536 bytes
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

I've also included a copy of my stunnel.cfg file below:
# more /etc/stunnel/stunnel.cfg
# STunnel configuration file generated by loadbalancer.org appliance
setgid = nobody
pid = /stunnel.pid
debug = 0

    accept =
    connect =
    cert = /etc/loadbalancer.org/certs/S1.pem
    ciphers = RC4:HIGH:!MD5:!aNULL
    options = NO_SSLv2
    protocol = proxy

I'm looking to include the STunnel Product within our Loadbalancer
Appliance in our next upcoming release but with everyone now using the SSL
checker that I mentioned in one of my last e-Mails more customers are
becoming concerned about MITM Attacks etc. so I would really like to get
this solved before I move forward with the project.

Oh, I guess I should also mention that this is running on a Centos 6.2 box.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120530/47839436/attachment.html>

More information about the stunnel-users mailing list