Hi all,<br>
<div><br></div><div>Long time lurker, but first time poster on the Stunnel mailing list. I'm currently entering into a business partnership with a prominent media group, and as such they've got some strict guidelines by which their partners should abide when it comes to Security/Encryption, both for brand protection, and making sure that both sides are sufficiently covered (at least from a general scan point of view).</div>
<div><br></div><div>Basically the big thing that is coming up in my testing now (predominantly using the Qualys tool at <a href="http://www.ssllabs.com">www.ssllabs.com</a>) is that I'm vulnerable to the BEAST attack, CBC-Mode vulnerabilities and a potential issue of DoS attack due to server accepting Client Side Re-negotiation.</div>
<div><br></div><div>I've spent days now trawling the web looking for a solution, but haven't really found anything of use yet, short of disabling CBC Ciphers completely (e.g. 'cipher = RC4-SHA:RC4-MD5:!SSLv2:!ADH:!EDH:!EXP:!aNULL:!eNULL:!NULL' or similar), but I fear this may be too restrictive when it comes to client support.</div>
<div><br></div><div>I guess my question is, are there other stunnel users who've been in the same situation, and is there a recommended cipher/options list when using Stunnel for HTTPS?</div><div><br></div><div>Thanks in advance</div>
<div><br>Shannon</div>