Hi All,
I was wondering if anyone knows if its possible to pass a 'really' large cookie through STunnel.
I've just built the latest version again (output below). However, we have a client that is looking to pass 16Kb (yes I know please don't tell me this is a bad idea a I know this!) via a cookie. Since we are looking to include STunnel in our offerings I was wondering if we could increase or change the maximum allowed size.
I have a script that will generate a test cookie of any size that I require to test with but I can only get an 8K cookie to work.
Any help would be great.
~Yours, Scott
[root@localhost ~]# stunnel -version stunnel 4.54 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010 Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:POLL+IPv6
Global options: debug = daemon.notice pid = /usr/local/var/run/stunnel/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes
Service-level options: ciphers = FIPS (with "fips = yes") ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no") sessionCacheSize = 1000 sessionCacheTimeout = 300 seconds sslVersion = TLSv1 (with "fips = yes") sslVersion = TLSv1 for client, all for server (with "fips = no") stack = 65536 bytes TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds verify = none [root@localhost ~]#
On Mon, Nov 19, 2012 at 12:26:17PM +0000, Scott McKeown wrote:
Hi All,
I was wondering if anyone knows if its possible to pass a 'really' large cookie through STunnel.
I've just built the latest version again (output below). However, we have a client that is looking to pass 16Kb (yes I know please don't tell me this is a bad idea a I know this!) via a cookie. Since we are looking to include STunnel in our offerings I was wondering if we could increase or change the maximum allowed size.
I have a script that will generate a test cookie of any size that I require to test with but I can only get an 8K cookie to work.
Any help would be great.
Can you post your script and the error messages (and the Stunnel log files), or at least the error messages and the log files? Offhand, I can't really think of anything that should go wrong - Stunnel shouldn't attempt to examine the traffic passing through it at all.
G'luck, Peter
Hi Guys,
Sorry guys, I sent this direct by mistake.
Please ignore this, I was being really stupid and was hitting the 'LimitRequestFieldSize' and the 'LimitRequestLine' settings in Apache. I've only been working on this for the last 2 days. Thanks for the help anyhow, and it just proves that even I can have off days :)
On 19 November 2012 12:42, Peter Pentchev roam@ringlet.net wrote:
On Mon, Nov 19, 2012 at 12:26:17PM +0000, Scott McKeown wrote:
Hi All,
I was wondering if anyone knows if its possible to pass a 'really' large cookie through STunnel.
I've just built the latest version again (output below). However, we
have a
client that is looking to pass 16Kb (yes I know please don't tell me this is a bad idea a I know this!) via a cookie. Since we are looking to
include
STunnel in our offerings I was wondering if we could increase or change
the
maximum allowed size.
I have a script that will generate a test cookie of any size that I
require
to test with but I can only get an 8K cookie to work.
Any help would be great.
Can you post your script and the error messages (and the Stunnel log files), or at least the error messages and the log files? Offhand, I can't really think of anything that should go wrong - Stunnel shouldn't attempt to examine the traffic passing through it at all.
G'luck, Peter
-- Peter Pentchev roam@ringlet.net roam@FreeBSD.org peter@packetscale.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 This sentence would be seven words long if it were six words shorter.
-
Peter Pentchev -
Scott McKeown