[stunnel-users] server does not send its cert?

Keresztfalvi Laszlo lkereszt at gmail.com
Tue Feb 14 15:33:59 CET 2012


Right after I clicked the send button I've got the feeling that this is a
too-old-to-be-true story.

Thanks for the clarification!
Laszlo

On Tue, Feb 14, 2012 at 14:55, Michal Trojnara <Michal.Trojnara at mirt.net> wrote:

> Keresztfalvi Laszlo wrote:
>
>> 2012.02.14 13:13:32 LOG6[87260:136504]: Negotiated ciphers: RC4-SHA SSLv3
>> Kx=RSA Au=RSA ENC=RC4(128) Mac=SHA1
>>
>>
>> RC4 128-bit is not something that is considered secure. I don't know why
>> this was chosen, but probably this caused FIPS mode to reject the
>> connection?
>>
>
> Contrary to popular belief, RC4-SHA is probably the most secure
> ciphersuite available in SSL/TLS.  In fact RC4 is the only SSL algorithm
> not vulnerable to the BEAST attack:
> http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html
>
> On the other hand it is easy to use RC4 in an insecure way.  Many products
> and protocols were broken because RC4 was used incorrectly.  This is *not*
> the case for SSL/TLS.  No practical attacks are currently known against
> RC4-based SSL/TLS.
>
> Mike