[stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3

Peter Pentchev roam at ringlet.net
Thu Jan 29 12:20:35 CET 2015


On Thu, Jan 29, 2015 at 10:58:24AM +0000, Sebastian Ochsenk├╝hn wrote:
> Hi Mike,
> 
> 
> thanks for your fast response, but I think there is a big issue.
> 
> The latest version that is available in the CENTOS 6 Base Repo is "stunnel-4.29-3.el6_6.1.x86_64"  - In this version the SSLv3 is disabled by default, but there is not option to enable it.
> 
> 
> I hope you understand my situation :-)

Yes, we do understand your situation, and yes, this is a problem that
does occur now and then when popular distributions keep older versions
of software in their stable release branches (for very good reasons,
too, but that's another topic).

The best way for you to get assistance is to contact RedHat through
their CentOS support channels.  They are in the best position to know
exactly what changes they have made to the stock stunnel-4.29 (and
apparently they have made some changes, since the stock stunnel-4.29
does not disable SSLv3 - and they have made these changes for very good
reasons, too), and ask them how to configure that version of stunnel to
reenable SSLv3.

In fact, this always applies to packaged software obtained from
a distribution: the first point of contact should always be the
packagers in the distribution.

G'luck,
Peter

> Von: stunnel-users <stunnel-users-bounces at stunnel.org> im Auftrag von Michal Trojnara <Michal.Trojnara at mirt.net>
> Gesendet: Donnerstag, 29. Januar 2015 11:44
> An: stunnel-users at stunnel.org
> Betreff: Re: [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
> 
> Hi Sebastian,
> 
> My documentation describes the latest version of stunnel.  For an old version please refer to the appropriate manual page distributed with the specific version you're using.
> 
> Mike
> 
> On 29.01.2015 11:40, Sebastian Ochsenk├╝hn wrote:
> 
> Hi,
> 
> 
> I have a big problem with the new stunnel version on CentOS 6.6 (stunnel-4.29-3.el6_6.1.x86_64) that is available in the CentOS base repository.
> 
> 
> You describe in your documentation that SSLv3 is disabled by default.  -> OK for me, but I need SSLv3 and the option with -NO_SSLv3 is not working?!
> 
> PS: this is also not working with -NO_SSLv2 option.
> 
> 
> options = -NO_SSLv3 = NOT Working
> 
> 
> option = NO_SSLv3 = Working.
> 
> 
> Currently i have installed an older version, where the SSLv3 protocoll is not disabled by default.
> 
> 
> Is there anything that I'm doing wrong?
> 
> 
> Thanks and Regards,
> 
> Sebastian.

-- 
Peter Pentchev  roam at ringlet.net roam at FreeBSD.org p.penchev at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150129/9996bc04/attachment.sig>


More information about the stunnel-users mailing list