Hi to all:
In reading the FAQ and looking at the sample configuration file, I do not see an example of how to correctly configure the application to use the more current AES-256 or the AES-128 cipher configurations.
I do have the current OpenSSL on the host (a Sun SPARC box). The idea is to use this host as an SSL proxy for a number of services.
I did see this reference:
options = CIPHER_SERVER_PREFERENCE
But not how to then set the SSL cipher except as I found on Google.
There was this on the MAN page but it seems to fail in my configuration:
ciphers = cipherlist
    Select permitted SSL ciphers. A colon delimited list of the ciphers to allow in the SSL connection. For example DES-CBC3-SHA:IDEA-CBC-MD5
Thanks.
Kevin
Reference Ciphers supported by OpenSSL: http://www.openssl.org/docs/apps/ciphers.html
Kevin,
The configuration directives that are relevant in this case are:
sslVersion = TLSv1.2
ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256
Keep in mind that TLS 1.2 is not widely deployed. So if you need backward compatibility you might want to enable SSLv3, TLSv1, TLSv1.1.
The documentation in the link you provided should allow you to tweak the ciphers you want: http://www.openssl.org/docs/apps/ciphers.html
----------------- Leandro Avila
----- Original Message -----
From: Editor editor@cellmail.com
To: stunnel-users@stunnel.org
Cc:
Sent: Monday, February 4, 2013 2:20 PM
Subject: [stunnel-users] STUNNEL --- How to chose the AES cipher with TLS v1.2
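A ciphers line can fail on one host and work on another because each OpenSSL build recognizes a different set of cipher names. The following is an added example, not part of the original thread and not stunnel code: it probes each name from the reply's list against the local OpenSSL and builds a ciphers line from the names that are accepted. It assumes Python's ssl module is linked against the same OpenSSL build that stunnel uses; the function names are hypothetical.

```python
import ssl

# Cipher list from the reply in this thread (explicit OpenSSL cipher names).
REPLY_CIPHERS = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
    "ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:"
    "AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:"
    "ECDH-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256"
)

def probe_cipher(name):
    """Return the local OpenSSL's record for one explicit cipher name, or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:
        return None  # OpenSSL could not select any cipher for this name
    # TLS 1.3 suites are listed regardless of set_ciphers(), so require an
    # exact name match instead of trusting a non-empty list.
    for info in ctx.get_ciphers():
        if info["name"] == name:
            return info
    return None

def split_cipher_list(cipher_string):
    """Split a colon-delimited list into (accepted, rejected), keeping order."""
    accepted, rejected = [], []
    for name in (part.strip() for part in cipher_string.split(":")):
        if name:
            (accepted if probe_cipher(name) else rejected).append(name)
    return accepted, rejected

def stunnel_ciphers_line(cipher_string):
    """Build a 'ciphers = ...' line from the names this OpenSSL accepts."""
    accepted, _ = split_cipher_list(cipher_string)
    if not accepted:
        raise ValueError("no cipher in the list is usable with this OpenSSL")
    return "ciphers = " + ":".join(accepted)

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    accepted, rejected = split_cipher_list(REPLY_CIPHERS)
    for name in accepted:
        info = probe_cipher(name)
        print("ok      ", name, info["protocol"], info["strength_bits"])
    for name in rejected:
        print("rejected", name)
    print(stunnel_ciphers_line(REPLY_CIPHERS))
```

Names reported as rejected are ones the local build does not know or has disabled; group keywords such as HIGH are not explicit cipher names and are reported as rejected by this check.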