Michael, This could apply to stunnel. The settings you want for stunnel are called "ciphers" and possibly "sslVersion" that you can reference in the manual. Those settings should allow you to customize the configuration for stunnel to fix the issue. ----------------- Leandro Avila On Thursday, August 21, 2014 6:08 PM, Michael Curran <mike_curran@hotmail.com> wrote:
Does this request not apply to stunnel? I don not recall seeing these as setting within the stunnel configuration file, so this may be an irrelevant question.
________________________________ From: mike_curran@hotmail.com To: stunnel-users@stunnel.org Date: Thu, 7 Aug 2014 12:55:36 -0500 Subject: [stunnel-users] SSL Server Allows Anonymous Authentication Vulnerability
I am looking at this vulnerability reported from McAfee -- but we use stunnel to secure our communications and not the application directly.
Are these settings that I can make within the stunnel config -- or something comparable?
SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
_______________________________________________
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users