[stunnel-users] none cipher

Michal Trojnara Michal.Trojnara at mirt.net
Mon Jun 9 15:44:12 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Sullivan wrote:
> How can I use the none cipher with SSL?

"ciphers = NULL" should do it, although personally I haven't tried it.
Make sure to configure it on *both* server and client.  Otherwise the
peer will refuse to accept the NULL cipher.

> which ciphers allow for the best throughput?

Raw throughput of the symmetric cipher is rarely the bottleneck for
SSL (except for network links faster than 1 Gbps or very slow CPUs).
More often it's either network stack/hardware or asymmetric encryption.

To identify the fastest ciphers on your particular platform use:
    openssl speed

I think CAMELLIA128 provides a nice balance between security and
performance:
	http://en.wikipedia.org/wiki/Camellia_(cipher)

RC4 is much faster, but not nearly as secure.
Unfortunately, OpenSSL does not support any modern stream ciphers...

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOVuiwACgkQ/NU+nXTHMtE6lQCdEheh4WazDb0Yt0drsVGzKUWW
Cv4AoIgnxUh6+M54iWbdNqEA3lrj6TVV
=Q8XB
-----END PGP SIGNATURE-----
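
Added example (not part of the original message and not stunnel project code): a small Python audit that flags stunnel `ciphers` lines enabling the unencrypted NULL suites or RC4 mentioned in the reply. The sample configuration, service names and addresses are constructed, and the cipher-string handling is a heuristic that does not resolve inheritance of global options or the full OpenSSL ordering rules.

```python
import re
# Constructed sample in stunnel.conf syntax; service names and addresses are hypothetical.
SAMPLE_CONF = """\
; global defaults
ciphers = HIGH:!aNULL:!eNULL
[fast-link]
accept = 127.0.0.1:8443
connect = 127.0.0.1:8080
ciphers = NULL
[legacy]
client = yes
accept = 127.0.0.1:9000
connect = example.invalid:443
ciphers = CAMELLIA128-SHA:RC4-SHA
"""

def classify(cipher_string):
    """Return sorted findings for one OpenSSL cipher string (heuristic)."""
    added, banned = set(), set()
    for token in filter(None, re.split(r"[:, ]+", cipher_string.strip())):
        name = token.lstrip("!-+")
        op = token[:len(token) - len(name)]
        parts = set(re.split(r"[+-]", name))
        hits = set()
        # NULL/eNULL mean no encryption; aNULL (no authentication) is not matched.
        if parts & {"NULL", "eNULL"}:
            hits.add("no-encryption")
        if "RC4" in parts:
            hits.add("rc4")
        if op == "!" and name in {"NULL", "eNULL", "RC4"}:
            banned |= hits          # '!' removes the whole class for good
        elif op == "":
            added |= hits           # '-' and '+' never add suites
    return sorted(added - banned)

def audit(conf_text):
    """Map section name ('global' before the first [service]) to findings."""
    section, report = "global", {}
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ciphers" and classify(value):
            report[section] = classify(value)
    return report
```

Calling `audit(SAMPLE_CONF)` reports the `fast-link` service as unencrypted and the `legacy` service as offering RC4, while the global `HIGH:!aNULL:!eNULL` line passes.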


