[stunnel-users] BEAST Attack

Scott McKeown scott at loadbalancer.org
Fri May 25 15:39:10 CEST 2012


Hi Shannon,

From what I understand so far a minimum Cipher list of
'RC4:HIGH:!MD5:!aNULL' along with stopping the Client Renegotiating the
ciphers seems to resolve the problem.

In Pound the patch allows for two new options to be set:
SSLHonorCipherOrder & SSLAllowClientRenegotiation

I've looked in the OpenSSL documentation but I don't seem to be able to
find anything that has the same functionality although I'm no expert so I
may have just overlooked it.


~Scott


On 25 May 2012 14:30, Shannon Carver <shannon.carver at gmail.com> wrote:

> I posted a similar question a few months back, but didn't get a reply.
> Would love some more info on this!
>
> Shannon
>
> On 25 May 2012 11:50, Scott McKeown <scott at loadbalancer.org> wrote:
>
>> Hi All,
>>
>> Has anyone looked at the current issue with the BEAST Attack?
>>
>> I'm looking at https://www.ssllabs.com/ssltest/index.html which can be
>> used for testing SSL Certificates. I also use Pound Proxy, which I have now
>> patched, and this has removed the threat.
>>
>> However, I don't seem to be able to get the same result from a STunnel
>> installation. If anyone can give some advice that would be great.
>>
>>
>> ~Yours,
>> Scott
>>
>
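
Added example, not part of the original thread and not code from stunnel or Pound: a small model of TLS cipher selection showing why an RC4-first list such as 'RC4:HIGH:!MD5:!aNULL' only avoids CBC suites when the server enforces its own order (the behaviour SSLHonorCipherOrder is named for). The suite lists, the client preference order and all function names are constructed for illustration.

```python
# Added example: models TLS cipher selection for an RC4-first server list.
# Suite names follow OpenSSL naming; both lists below are constructed samples.

AEAD_OR_STREAM = ("RC4", "GCM", "CCM", "CHACHA20")
IMPLICIT_IV_PROTOCOLS = ("SSLv3", "TLSv1")  # CBC IV is taken from the previous record


def is_cbc(suite):
    """Heuristic: an OpenSSL suite name with none of these markers is a CBC block cipher."""
    return not any(m in suite for m in AEAD_OR_STREAM) and "NULL" not in suite


def negotiate(server_order, client_order, honor_server_order):
    """Return the first mutually supported suite, walking the list of the side that has priority."""
    if honor_server_order:
        first, other = server_order, client_order
    else:
        # OpenSSL's default without SSL_OP_CIPHER_SERVER_PREFERENCE: client order wins.
        first, other = client_order, server_order
    for suite in first:
        if suite in other:
            return suite
    return None


def beast_exposed(suite, protocol):
    """BEAST needs a CBC suite on a protocol version with predictable IVs."""
    return suite is not None and protocol in IMPLICIT_IV_PROTOCOLS and is_cbc(suite)


# Constructed approximation of what 'RC4:HIGH:!MD5:!aNULL' yields (RC4-MD5 dropped by !MD5).
SERVER = ["RC4-SHA", "AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"]
# Constructed client that prefers AES-CBC over RC4.
CLIENT = ["AES128-SHA", "AES256-SHA", "RC4-SHA", "DES-CBC3-SHA"]


def report(protocol="TLSv1"):
    """Return (honor_server_order, chosen_suite, beast_exposed) for both settings."""
    rows = []
    for honor in (False, True):
        suite = negotiate(SERVER, CLIENT, honor)
        rows.append((honor, suite, beast_exposed(suite, protocol)))
    return rows


if __name__ == "__main__":
    for honor, suite, exposed in report():
        print(f"honor_server_order={honor!s:5} chosen={suite:12} beast_exposed={exposed}")
```

RC4 has since been prohibited in TLS by RFC 7465, so the same ordering logic is applied today with AEAD suites at the head of the list rather than RC4.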