On 2013-11-04 18:12, Simner, John wrote:
To prevent man-in-the-middle attacks, the phone should be able to handle the fragmented TLS block when CBC protection is activated on the client tomcat server.
I have been unable to find the appropriate stunnel configuration item to support this.
Please could you inform me how this is handled through stunnel.
There is no option to *enable* CBC protection, as this is the default.
Use "options = DONT_INSERT_EMPTY_FRAGMENTS" to disable this secure default.
Mike