When I run stunnel, I would like to enable the weaker ciphers and protocols (SSLv3) for testing purposes.
However, adding options to the stunnel.conf file doesn't seem to return new ciphers during the negotiation (using sslscan to generate the report).
I have look through the documentation and it doesn't seem to address these options very well.
Thanks,
glenn
options = SSLv2
;;ciphers = DH+AES
;;ciphers = HIGH:LOW
;;ciphers = HIGH:MEDIUM
ciphers = ALL
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 128 bits IDEA-CBC-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Prefered Server Cipher(s):
TLSv1 256 bits DHE-RSA-AES256-SHA
________________________________ This message may contain confidential information. If you are not the intended recipient of this e-mail, do not disseminate, distribute or copy this e-mail and delete this e-mail from your system.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Glenn,
When I run stunnel, I would like to enable the weaker ciphers and protocols (SSLv3) for testing purposes.
options = -NO_SSLv3
Mike