Hi, while testing the upgrade from stunnel 5.26 to stunnel 5.27 on Solaris, one of the tools I use reported that SSL compression was now supported/possible on connections to an stunnel 5.27 instance; this was not the case with 5.26 or earlier.
Unfortunately, it is not possible to demonstrate this using openssl as client, I found this using TestSSLServer, which is java-based and available from http://www.bolet.org/TestSSLServer/.
With 5.26: | $ java -jar TestSSLServer.jar $server 443 | Supported versions: TLSv1.2 | Deflate compression: no | Supported cipher suites (ORDER IS NOT SIGNIFICANT): | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ---------------------- | Server certificate(s): | 4c57045b3f8f9cdd6f487e59a5b008ccb9d38693: CN=***, OU=***, O=***, C=*** | ---------------------- | Minimal encryption strength: strong encryption (96-bit or more) | Achievable encryption strength: strong encryption (96-bit or more) | BEAST status: protected | CRIME status: protected
Note: "Deflate compression: no", "CRIME status: protected"
With 5.27: | $ java -jar /prod/certmon2/bin/TestSSLServer.jar $server 443 | Supported versions: TLSv1.2 | Deflate compression: YES | Supported cipher suites (ORDER IS NOT SIGNIFICANT): | TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ---------------------- | Server certificate(s): | 4c57045b3f8f9cdd6f487e59a5b008ccb9d38693: CN=***, OU=***, O=***, C=*** | ---------------------- | Minimal encryption strength: strong encryption (96-bit or more) | Achievable encryption strength: strong encryption (96-bit or more) | BEAST status: protected | CRIME status: vulnerable
With 5.27, I get "Deflate compression: YES" and "CRIME status: vulnerable".
Server OS: Solaris 10/SPARC or Solaris 11/SPARC (others not tested) OpenSSL: 1.0.1p or 1.0.1q (others not tested) Client: TestSSLServer
Both stunnel and OpenSSL are self-compiled using Solaris Studio 12.4.
The stunnel.conf in question:
sslVersion = TLSv1.2 ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256 cert = test1.crt key = test1.key verify = 2 [test] client = no accept = A.B.C.D:443 connect = 127.0.0.1:8080
The scanner from SSL Labs should be able to check this as well, but I do not have the neccessary modern Python available. I will check if I can reproduce the problem on something a little more mainstream than Solaris 10/11 over the weekend.
--
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 04.12.2015 14:51, Udo Erdelhoff wrote:
while testing the upgrade from stunnel 5.26 to stunnel 5.27 on Solaris, one of the tools I use reported that SSL compression was now supported/possible on connections to an stunnel 5.27 instance; this was not the case with 5.26 or earlier.
I could not reproduce this problem. Could you please send me the debug logs ("debug = 7") from your stunnel: both the logs generated when stunnel starts, and the logs generated during the tests.
Best regards, Mike