Hi Michal,<br><br>Thanks for following this up.<br><br>I'm using the latest build of STunnel v4.53 as shown below (I check the site once a week just to make sure too)<br><br># stunnel -version<br>stunnel 4.53 on x86_64-unknown-linux-gnu platform<br>
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010<br>Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6<br> <br>Global options:<br>debug = daemon.notice<br>pid = /usr/local/var/run/stunnel/stunnel.pid<br>
RNDbytes = 64<br>RNDfile = /dev/urandom<br>RNDoverwrite = yes<br> <br>Service-level options:<br>ciphers = FIPS (with "fips = yes")<br>ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")<br>
session = 300 seconds<br>sslVersion = TLSv1 (with "fips = yes")<br>sslVersion = TLSv1 for client, all for server (with "fips = no")<br>stack = 65536 bytes<br>TIMEOUTbusy = 300 seconds<br>
TIMEOUTclose = 60 seconds<br>TIMEOUTconnect = 10 seconds<br>TIMEOUTidle = 43200 seconds<br>verify = none<br><br><br>I've also included a copy of my stunnel.cfg file below:<br># more /etc/stunnel/stunnel.cfg <br>
# STunnel configuration file generated by <a href="http://loadbalancer.org">loadbalancer.org</a> appliance<br>setgid = nobody<br>pid = /stunnel.pid<br>debug = 0<br><br>[S1]<br> accept = <a href="http://192.168.82.182:443">192.168.82.182:443</a><br>
connect = <a href="http://192.168.82.181:81">192.168.82.181:81</a><br> cert = /etc/<a href="http://loadbalancer.org/certs/S1.pem">loadbalancer.org/certs/S1.pem</a><br> ciphers = RC4:HIGH:!MD5:!aNULL<br> options = NO_SSLv2<br>
protocol = proxy<br><br>I'm looking to include the STunnel Product within our Loadbalancer Appliance in our next upcoming release but with everyone now using the SSL checker that I mentioned in one of my last e-Mails more customers are becoming concerned about MITM Attacks etc. so I would really like to get this solved before I move forward with the project.<br>
<br>Oh, I guess I should also mention that this is running on a Centos 6.2 box.<br><br><br>~Yours,<br>Scott<br>