[stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3

• Previous message (by thread): [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
• Next message (by thread): [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Mike,


yes your correct, but I have forced the installation with "stunnel-4.29-3.el6_4.x86_64" ( all other packages openssl, etc. updated) and SSLv3 is working again.


So, for my understanding there must be a bug or they have disabled SSLv3 in version "stunnel-4.29-3.el6_6.1.x86_64".


Regards,

Sebastian.





________________________________
Von: stunnel-users <stunnel-users-bounces at stunnel.org> im Auftrag von Michal Trojnara <Michal.Trojnara at mirt.net>
Gesendet: Donnerstag, 29. Januar 2015 12:12
An: stunnel-users at stunnel.org
Betreff: Re: [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3

Hi Sebastian,

The ChangeLog does not say anything about disabling SSLv3:
http://rpmfind.net/linux/RPM/centos/updates/6.6/x86_64/Packages/stunnel-4.29-3.el6_6.1.x86_64.html
I guess it may be disabled in the OpenSSL rather than in stunnel.

Anyway, if you connect stunnel with some software that's so old that it doesn't support TLS, the software is almost certainly no longer supported, and most likely vulnerable to attacks.  This is a serious risk!

Mike

On 29.01.2015 11:58, Sebastian Ochsenkühn wrote:

Hi Mike,


thanks for your fast response, but I think there is a big issue.

The latest version that is available in the CENTOS 6 Base Repo is "stunnel-4.29-3.el6_6.1.x86_64"  - In this version the SSLv3 is disabled by default, but there is not option to enable it.


I hope you understand my situation :-)





________________________________
Von: stunnel-users <stunnel-users-bounces at stunnel.org><mailto:stunnel-users-bounces at stunnel.org> im Auftrag von Michal Trojnara <Michal.Trojnara at mirt.net><mailto:Michal.Trojnara at mirt.net>
Gesendet: Donnerstag, 29. Januar 2015 11:44
An: stunnel-users at stunnel.org<mailto:stunnel-users at stunnel.org>
Betreff: Re: [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3

Hi Sebastian,

My documentation describes the latest version of stunnel.  For an old version please refer to the appropriate manual page distributed with the specific version you're using.

Mike

On 29.01.2015 11:40, Sebastian Ochsenkühn wrote:

Hi,


I have a big problem with the new stunnel version on CentOS 6.6 (stunnel-4.29-3.el6_6.1.x86_64) that is available in the CentOS base repository.


You describe in your documentation that SSLv3 is disabled by default.  -> OK for me, but I need SSLv3 and the option with -NO_SSLv3 is not working?!

PS: this is also not working with -NO_SSLv2 option.


options = -NO_SSLv3 = NOT Working


option = NO_SSLv3 = Working.


Currently i have installed an older version, where the SSLv3 protocoll is not disabled by default.


Is there anything that I'm doing wrong?


Thanks and Regards,

Sebastian.



_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org<mailto:stunnel-users at stunnel.org>
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150129/aac5a311/attachment.html>

• Previous message (by thread): [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
• Next message (by thread): [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]