[stunnel-users] Strange Stunnel crash (no errors, issues, anything)

Michal Trojnara Michal.Trojnara at mirt.net
Fri May 17 07:49:15 CEST 2013


Alfred Kernaghan wrote:
> apart from the fact with the default combination the ciphers and
> security are incorrect (BEAST/CRIME vulnerable)
Unfortunately I don't think anymore that RC4 is a better choice:
   
http://nakedsecurity.sophos.com/2013/03/16/has-https-finally-been-cracked/
http://ssl.entrust.net/blog/?p=1887
Also see some initial results of my own research of this topic:
    http://mike.mirt.net/AlFBPPS-4.png
The ultimate solution would be to use TLS/1.2, which is already
supported in stunnel.  All we can do is to wait for client support.
I think AlFBPPS attack is in most cases much easier to exploit than
BEAST and Lucky Thirteen attacks for most practical scenarios.
As for CRIME: stunnel has compression turned off by default since
version 4.51.

> Short of wiping the machine completely and re-installing, can anyone
> think of anything else I can try?
Please collect a stack backtrace:
https://www.stunnel.org/pipermail/stunnel-users/2005-June/000551.html

Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130517/c42221a0/attachment.sig>


More information about the stunnel-users mailing list