10 Feb
2011
10 Feb
'11
9:24 a.m.
Amol wrote:
What should be the ideal value for TIMEOUTclose ?
The default should be fine for security.
Microsoft decided to refuse to comply with the SSL specification ignore close-notify SSL protocol alert be default: http://msdn.microsoft.com/en-us/library/aa364671%28v=vs.85%29.aspx http://www.mail-archive.com/modssl-users@modssl.org/msg02474.html
You may use lower values (e.g. 0) to deal with broken Microsoft implementations of SSL. The error reported by stunnel means that you might be affected by SSL truncation attack. Microsoft decided to accept this vulnerability. You my do it as well or drop support for their broken version of SSL.
Mike