[stunnel-users] BEAST Attack
Shannon Carver
shannon.carver at gmail.com
Fri May 25 16:26:17 CEST 2012
Hi Scott,
Yes, that's the cipher I'm using which seems to cover everything from a
secure ciphers point of view. Any idea how to disable client
renegotiations within Stunnel?
Shannon
On 25 May 2012 14:39, Scott McKeown <scott at loadbalancer.org> wrote:
> Hi Shannon,
>
> From what I understand so far a minimum Cipher list of
> 'RC4:HIGH:!MD5:!aNULL' along with stopping the Client Renegotiating the
> ciphers seems to resolve the problem.
>
> In Pound the patch allows for two new options to be set:
> SSLHonorCipherOrder & SSLAllowClientRenegotiation
>
> I've looked in the OpenSSL documentation but I don't seem to be able to
> find anything that has the same functionality although I'm no expert so I
> may have just over looked it.
>
>
> ~Scott
>
>
>
> On 25 May 2012 14:30, Shannon Carver <shannon.carver at gmail.com> wrote:
>
>> I posted a similar question a few months back, but didnt' get a reply.
>> Would love some more info on this!
>>
>> Shannon
>>
>> On 25 May 2012 11:50, Scott McKeown <scott at loadbalancer.org> wrote:
>>
>>> Hi All,
>>>
>>> Has anyone looked at the current issue with the BEAST Attack.
>>>
>>> I'm looking at https://www.ssllabs.com/ssltest/index.html which can be
>>> used for testing SSL Certificates I also use Pound Proxy which I have now
>>> patched and this has removed the threat.
>>>
>>> However, I don't seem to be able to get the same result from a STunnel
>>> installation. If anyone can give some advice that would be great.
>>>
>>>
>>> ~Yours,
>>> Scott
>>>
>>> _______________________________________________
>>> stunnel-users mailing list
>>> stunnel-users at stunnel.org
>>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120525/e8bb24d3/attachment.html>
More information about the stunnel-users
mailing list