[stunnel-users] Problem with sslv2 clients
Michal Trojnara
Michal.Trojnara at mirt.net
Fri Dec 16 15:02:11 CET 2011
Markus Borst (HRZ) wrote:
> Since the use of these options in this combination is not clear from
> the documentation, I have a few suggestions to update the docs:
Writing documentation is something I'm not really good at. Feel free
to contribute any updates to the manual (stunnel.pod).
> As a longer term enhancement, I suggest making the "sslVersion"
> option multi-valued.
Unfortunately this is not really technically feasible due to
limitations of the SSL/TLS protocol itself. 8-)
https://www.ietf.org/rfc/rfc2246.txt
> And the above configuration should go as an example into the default
> config file, since this particular combination ("sslVersion=all" AND
> "options=NO_SSLv2") is a bit counterintuitive.
This is actually quite simple:
- sslVersion is about the version of SSL/TLS protocol specification
- options is about internal OpenSSL tweaks:
http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
I don't think it's a good idea to reproduce this manual in stunnel.
Mike