Michael,
This could apply to stunnel. The settings you want for stunnel are called "ciphers" and possibly "sslVersion" that you can reference in the manual.
Those settings should allow you to customize the configuration for stunnel to fix the issue.
----------------- Leandro Avila
On Thursday, August 21, 2014 6:08 PM, Michael Curran mike_curran@hotmail.com wrote:
Does this request not apply to stunnel? I don not recall seeing these as setting within the stunnel configuration file, so this may be an irrelevant question.
From: mike_curran@hotmail.com To: stunnel-users@stunnel.org Date: Thu, 7 Aug 2014 12:55:36 -0500 Subject: [stunnel-users] SSL Server Allows Anonymous Authentication Vulnerability
I am looking at this vulnerability reported from McAfee -- but we use stunnel to secure our communications and not the application directly.
Are these settings that I can make within the stunnel config -- or something comparable?
SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users