-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
is there a way (perhaps using extended 'options' section?), to enforce a minimum cipher strength / type for the connecting client?
a solution would be to use apache 2's sslproxy to stunnel (yikes), but stunnel rocks :)
apache / mod_ssl - from httpd.conf
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:- SSLv2:+EXP:+eNULL
Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
auto403973@hushmail.com wrote:
is there a way (perhaps using extended 'options' section?), to enforce a minimum cipher strength / type for the connecting client?
Sure. Please read the fine manual: http://stunnel.mirt.net/static/stunnel.html
The option name is "ciphers".
Best regards, Mike
-
auto403973ï¼ hushmail.com -
Michal Trojnara