On Thu, Jan 29, 2015 at 10:58:24AM +0000, Sebastian Ochsenkühn wrote:
Hi Mike,
thanks for your fast response, but I think there is a big issue.
The latest version that is available in the CENTOS 6 Base Repo is "stunnel-4.29-3.el6_6.1.x86_64" - In this version the SSLv3 is disabled by default, but there is not option to enable it.
I hope you understand my situation :-)
Yes, we do understand your situation, and yes, this is a problem that does occur now and then when popular distributions keep older versions of software in their stable release branches (for very good reasons, too, but that's another topic).
The best way for you to get assistance is to contact RedHat through their CentOS support channels. They are in the best position to know exactly what changes they have made to the stock stunnel-4.29 (and apparently they have made some changes, since the stock stunnel-4.29 does not disable SSLv3 - and they have made these changes for very good reasons, too), and ask them how to configure that version of stunnel to reenable SSLv3.
In fact, this always applies to packaged software obtained from a distribution: the first point of contact should always be the packagers in the distribution.
G'luck, Peter
Von: stunnel-users stunnel-users-bounces@stunnel.org im Auftrag von Michal Trojnara Michal.Trojnara@mirt.net Gesendet: Donnerstag, 29. Januar 2015 11:44 An: stunnel-users@stunnel.org Betreff: Re: [stunnel-users] Centos 6.6 Final stunnel-4.29-3.el6_6.1.x86_64 - options set problem SSLv3
Hi Sebastian,
My documentation describes the latest version of stunnel. For an old version please refer to the appropriate manual page distributed with the specific version you're using.
Mike
On 29.01.2015 11:40, Sebastian Ochsenkühn wrote:
Hi,
I have a big problem with the new stunnel version on CentOS 6.6 (stunnel-4.29-3.el6_6.1.x86_64) that is available in the CentOS base repository.
You describe in your documentation that SSLv3 is disabled by default. -> OK for me, but I need SSLv3 and the option with -NO_SSLv3 is not working?!
PS: this is also not working with -NO_SSLv2 option.
options = -NO_SSLv3 = NOT Working
option = NO_SSLv3 = Working.
Currently i have installed an older version, where the SSLv3 protocoll is not disabled by default.
Is there anything that I'm doing wrong?
Thanks and Regards,
Sebastian.