Hi Michal,
Thanks for following this up.
I'm using the latest build of STunnel v4.53, as shown below (I check the site once a week just to make sure too):

# stunnel -version
stunnel 4.53 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6

Global options:
debug = daemon.notice
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
session = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

I've also included a copy of my stunnel.cfg file below:

# more /etc/stunnel/stunnel.cfg
# STunnel configuration file generated by loadbalancer.org appliance
setgid = nobody
pid = /stunnel.pid
debug = 0

[S1]
accept = 192.168.82.182:443
connect = 192.168.82.181:81
cert = /etc/loadbalancer.org/certs/S1.pem
ciphers = RC4:HIGH:!MD5:!aNULL
options = NO_SSLv2
protocol = proxy

I'm looking to include the STunnel Product within our Loadbalancer Appliance in our next upcoming release, but with everyone now using the SSL checker that I mentioned in one of my last e-mails, more customers are becoming concerned about MITM attacks etc., so I would really like to get this solved before I move forward with the project.
Oh, I guess I should also mention that this is running on a CentOS 6.2 box.
~Yours, Scott