[stunnel-users] Hangs when connecting -- advice pls
scott at loadbalancer.org
Wed Sep 21 12:15:00 CEST 2016
To me this looks like a cipher issue.
There are a few options that you can try to resolve this if it is.
I would try adding the following lines into your STunnel Configuration file:
delay = yes
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = CIPHER_SERVER_PREFERENCE
options = DONT_INSERT_EMPTY_FRAGMENTS
Delay will delay and DNS lookups that maybe actioned by the request (not
normally needed but I always include if for sanity sake)
The three 'options' sections turn off all the known problematic cipher
lists if you need a key that is in one of these block feel free to remove
that directive but I think a good start would be to leave the 'NO_SSLv3'
option in place
The 'CIPHER_SERVER_PREFERENCE' option will make set whether the client is
allowed to renegotiat the ciphers that are to be used between the client
and the server process.
And finally 'DONT_INSERT_EMPTY_FRAGMENTS' will mitigate an issue in the CBC
ciphers that was in the SSLv3 and TLS1.0 cipher lists again I only include
it for sanity sake now but its better to have than to go without.
With Kind Regards.
Tel (UK) - +44 (0) 3303801064 (24x7)
Tel (US) - +1 888.867.9504 (Toll Free)(24x7)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users