[stunnel-users] enforcing minimum cipher set available

auto403973 at hushmail.com auto403973 at hushmail.com
Wed Dec 29 07:48:26 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

is there a way (perhaps using extended 'options' section?), to
enforce a minimum cipher strength / type for the connecting client?

a solution would be to use apache 2's sslproxy to stunnel (yikes),
but stunnel rocks :)


apache / mod_ssl - from httpd.conf

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-
SSLv2:+EXP:+eNULL
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkHSUs4ACgkQdgNHoxEs/oi+2ACfYPDjijulcO0luIPfV2oYZ4aLWdAA
niumLVXQRaEEK12TO5EF12e9ay/b
=aNe8
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427



More information about the stunnel-users mailing list