Hi,<div><br></div><div> while I'm trying to get stunnel working for more than a few hours, I've also notice this warning in google chrome : </div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
the connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.</blockquote><div><br></div><div><img src="cid:ii_1368739f1536259f" alt="Inline image 1"> </div>
<div><br></div><div>gmail for example has AES_128_CBC for crypting, can we get that without much effort?</div><div><br></div><div><br></div><div>What should be set to get rid of this warning ? </div><div>I thought SSL v3 was the best (quickly pick acrross several example on the net)</div>
<div>what is the best setting for this ?</div><div><br></div><div>Thanks for your help,</div><div>Thomas.</div><div><br></div><div>My config : </div><div><br></div><div><pre class="alt2" dir="ltr" style="margin-top:0px;margin-bottom:0px;padding-top:6px;padding-right:6px;padding-bottom:6px;padding-left:6px;border-top-width:1px;border-right-width:1px;border-bottom-width:1px;border-left-width:1px;border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-color:initial;width:640px;height:290px;text-align:left;overflow-x:auto;overflow-y:auto">
<font face="'courier new', monospace">debug = 7
output = /var/log/stunnel4/extranet.service.com_stunnel.log
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/extranet.service.com.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[<a href="http://extranet.service.com">extranet.service.com</a>]
key = /etc/stunnel/sites/<a href="http://extranet.service.com/extranet.service.com.key">extranet.service.com/extranet.service.com.key</a>
cert = /etc/stunnel/sites/<a href="http://extranet.service.com/extranet.service.com.crt">extranet.service.com/extranet.service.com.crt</a>
accept = <a href="http://8.90.17.4:443">8.90.17.4:443</a>
connect = <a href="http://127.0.0.1:82">127.0.0.1:82</a>
<span style="background-color:rgb(255,255,0)">sslVersion = SSLv3</span>
TIMEOUTclose = 0</font></pre></div>