Alfred Kernaghan wrote:
> apart from the fact with the default combination the ciphers and security are incorrect (BEAST/CRIME vulnerable)
Unfortunately I don't think anymore that RC4 is a better choice:
http://nakedsecurity.sophos.com/2013/03/16/has-https-finally-been-cracked/
http://ssl.entrust.net/blog/?p=1887

Also see some initial results of my own research on this topic:
http://mike.mirt.net/AlFBPPS-4.png

The ultimate solution would be to use TLS/1.2, which is already supported in stunnel. All we can do is wait for client support. I think the AlFBPPS attack is in most cases much easier to exploit than the BEAST and Lucky Thirteen attacks for most practical scenarios.

As for CRIME: stunnel has compression turned off by default since version 4.51.
> Short of wiping the machine completely and re-installing, can anyone think of anything else I can try?
Please collect a stack backtrace: https://www.stunnel.org/pipermail/stunnel-users/2005-June/000551.html
Mike
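
The three settings discussed in the reply above (compression, RC4 in the cipher list, TLS 1.2) can be checked in a stunnel.conf with a short script. This is an added example, not code from the thread or from the stunnel project; the sample configuration is constructed, and only explicit cipher-list entries are examined (aliases such as DEFAULT are not expanded).

```python
# Constructed sample config; sslVersion, ciphers and compression are stunnel options.
SAMPLE_CONF = """\
compression = deflate
[https]
accept = 443
connect = 8080
sslVersion = TLSv1
ciphers = RC4-SHA:AES128-SHA
[imaps]
accept = 993
connect = 143
sslVersion = TLSv1.2
ciphers = ECDHE-RSA-AES128-GCM-SHA256:!RC4
"""

def parse_conf(text):
    """Return {section: {lowercased option: value}}; "" holds the global options."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def names_rc4(token):
    """True for an entry that adds an RC4 suite; "!RC4" and "-RC4" remove it."""
    return token[:1] not in ("!", "-") and "RC4" in token.lstrip("+").upper().split("-")

def audit(text):
    """Return sorted (section, finding) pairs for the three settings in the thread."""
    conf = parse_conf(text)
    glob, findings = conf[""], []
    if glob.get("compression", "").lower() in ("deflate", "zlib"):
        findings.append(("global", "compression enabled"))
    for name in filter(None, conf):
        merged = {**glob, **conf[name]}  # global values act as defaults for each service
        if merged.get("sslversion") != "TLSv1.2":
            findings.append((name, "sslVersion is not TLSv1.2"))
        if any(names_rc4(t) for t in merged.get("ciphers", "").split(":")):
            findings.append((name, "RC4 listed in ciphers"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(section, "-", finding)
```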