[stunnel-users] SSL Server Allows Anonymous Authentication Vulnerability

Leandro Avila leandro.avila at ymail.com
Mon Aug 25 21:58:03 CEST 2014


Michael,

This could apply to stunnel. The settings you want for stunnel are called "ciphers" and possibly "sslVersion"
that you can reference in the manual.

Those settings should allow you to customize the configuration for stunnel to fix the issue.

----------------- 
Leandro Avila


On Thursday, August 21, 2014 6:08 PM, Michael Curran <mike_curran at hotmail.com> wrote:


>
>
>Does this request not apply to stunnel? I don not recall seeing these as setting within the stunnel configuration file, so this may be an irrelevant question.
>
>
>
>________________________________
>From: mike_curran at hotmail.com
>To: stunnel-users at stunnel.org
>Date: Thu, 7 Aug 2014 12:55:36 -0500
>Subject: [stunnel-users] SSL Server Allows Anonymous Authentication    Vulnerability
>
> 
>
>
>I am looking at this vulnerability reported from McAfee -- but we use stunnel to secure our communications and not the application directly.
>
>
>Are these settings that I can make within the stunnel config -- or something comparable?
>
>
>SSLProtocol -ALL +SSLv3 +TLSv1
>SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>
>
>_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>_______________________________________________
>stunnel-users mailing list
>stunnel-users at stunnel.org
>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
>  



More information about the stunnel-users mailing list