Hi Michal,
Thanks for following this up.
I'm using the latest build of STunnel v4.53 as shown below (I check the site once a week just to make sure, too):
# stunnel -version
stunnel 4.53 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6
Global options:
debug = daemon.notice
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
session = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
I've also included a copy of my stunnel.cfg file below:
# more /etc/stunnel/stunnel.cfg
# STunnel configuration file generated by loadbalancer.org appliance
setgid = nobody
pid = /stunnel.pid
debug = 0
[S1]
accept = 192.168.82.182:443
connect = 192.168.82.181:81
cert = /etc/loadbalancer.org/certs/S1.pem
ciphers = RC4:HIGH:!MD5:!aNULL
options = NO_SSLv2
protocol = proxy
I'm looking to include the STunnel product within our Loadbalancer appliance in our next upcoming release, but with everyone now using the SSL checker that I mentioned in one of my last e-mails, more customers are becoming concerned about MITM attacks etc., so I would really like to get this solved before I move forward with the project.
Oh, I guess I should also mention that this is running on a CentOS 6.2 box.
~Yours,
Scott
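The service block quoted in the mail enables RC4 and disables only SSLv2, while the version output above says stunnel 4.53 defaults to "sslVersion = all" on the server side when fips = no, so SSLv3 stays negotiable. The script below is an added example (not part of the mail, of stunnel, or of the loadbalancer.org appliance) that parses stunnel's INI-style config and reports those two settings per service. The cipher and protocol rules, and the hardened variant of the config, are my own constructions; the sample configs are constructed copies for offline use.

```python
"""Audit an stunnel 4.x configuration for RC4 and legacy SSL protocol
settings. Added example code, not part of stunnel or of any appliance."""
import re

# Constructed sample: a copy of the stunnel.cfg quoted in the mail.
SAMPLE_CFG = """\
# STunnel configuration file generated by loadbalancer.org appliance
setgid = nobody
pid = /stunnel.pid
debug = 0
[S1]
accept = 192.168.82.182:443
connect = 192.168.82.181:81
cert = /etc/loadbalancer.org/certs/S1.pem
ciphers = RC4:HIGH:!MD5:!aNULL
options = NO_SSLv2
protocol = proxy
"""

# Constructed hardened variant (my assumption of a safer block, not the
# appliance's shipped config): RC4 excluded, SSLv2/SSLv3 switched off.
HARDENED_CFG = """\
setgid = nobody
pid = /stunnel.pid
[S1]
accept = 192.168.82.182:443
connect = 192.168.82.181:81
cert = /etc/loadbalancer.org/certs/S1.pem
ciphers = HIGH:!RC4:!MD5:!aNULL
sslVersion = TLSv1
options = NO_SSLv2
options = NO_SSLv3
protocol = proxy
"""


def parse_stunnel_cfg(text):
    """Parse stunnel's INI-like format: global keys come before the first
    [section]; each service is a [name] block of 'key = value' lines.
    Repeated keys (e.g. several 'options' lines) are kept in order.
    Returns (global_opts, services); values are lists of strings."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or comment line
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:                                # start of a [service] block
            current = services.setdefault(m.group(1).strip(), {})
            continue
        if "=" not in line:                  # stunnel itself would reject this
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        current.setdefault(key, []).append(value)
    return global_opts, services


def audit_service(name, opts):
    """Return findings for one service block (empty list = nothing flagged)."""
    findings = []
    # If 'ciphers' was given more than once, stunnel keeps the last one.
    cipher_list = opts.get("ciphers", [""])[-1]
    for tok in cipher_list.split(":"):
        t = tok.strip().upper()
        # A bare or '+'-prefixed RC4 token enables it; '!RC4' / '-RC4' do not.
        if t.lstrip("+") == "RC4":
            findings.append(f"[{name}] ciphers enables RC4: {cipher_list}")
            break
    options = {v.strip().upper() for v in opts.get("options", [])}
    # Assumption from the 4.53 defaults in the mail: fips = no, server side,
    # so an unset sslVersion means 'all'.
    ssl_version = opts.get("sslVersion", ["all"])[-1].lower()
    if ssl_version == "all":
        for proto in ("SSLv2", "SSLv3"):
            if f"NO_{proto.upper()}" not in options:
                findings.append(
                    f"[{name}] {proto} still negotiable: add "
                    f"'options = NO_{proto}' or set sslVersion = TLSv1")
    return findings


def audit_config(text):
    """Parse a whole config and audit every service block."""
    _, services = parse_stunnel_cfg(text)
    findings = []
    for name, opts in services.items():
        findings.extend(audit_service(name, opts))
    return findings


if __name__ == "__main__":
    for label, cfg in (("quoted", SAMPLE_CFG), ("hardened", HARDENED_CFG)):
        print(f"--- {label} ---")
        for f in audit_config(cfg) or ["no findings"]:
            print(f)
```

Run it as a script to see the quoted block flagged twice (RC4, SSLv3) and the hardened block pass; the same two checks are what the public SSL checkers Scott mentions tend to report first.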