[stunnel-users] How to enable weak ciphers in stunnel

Swonk, Glenn Glenn.Swonk at tais.toshiba.com
Fri Nov 14 19:23:43 CET 2014



When I run stunnel, I would like to enable the weaker ciphers and
protocols (SSLv3) for testing purposes.

However, adding options to the stunnel.conf file doesn't seem to return
new ciphers during the negotiation (using sslscan to generate the


I have look through the documentation and it doesn't seem to address
these options very well.






options = SSLv2

;;ciphers = DH+AES


;;ciphers = HIGH:LOW

;;ciphers = HIGH:MEDIUM

ciphers = ALL



Supported Server Cipher(s):

   Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA

   Accepted  TLSv1  256 bits  AES256-SHA

   Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA

   Accepted  TLSv1  128 bits  AES128-SHA

   Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA

   Accepted  TLSv1   56 bits  EDH-RSA-DES-CBC-SHA

   Accepted  TLSv1  168 bits  DES-CBC3-SHA

   Accepted  TLSv1   56 bits  DES-CBC-SHA

   Accepted  TLSv1  128 bits  IDEA-CBC-SHA

   Accepted  TLSv1  128 bits  RC4-SHA

   Accepted  TLSv1  128 bits  RC4-MD5


Prefered Server Cipher(s):

   TLSv1  256 bits  DHE-RSA-AES256-SHA


This message may contain confidential information.  If you are not the intended recipient of this e-mail, do not disseminate, distribute or copy this e-mail and delete this e-mail from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20141114/587c904d/attachment.html>

More information about the stunnel-users mailing list