Alfred Kernaghan wrote:
> apart from the fact with the default combination the ciphers and
> security are incorrect (BEAST/CRIME vulnerable)
Unfortunately, I no longer think that RC4 is a better choice:

http://nakedsecurity.sophos.com/2013/03/16/has-https-finally-been-cracked/
http://ssl.entrust.net/blog/?p=1887

Also see some initial results of my own research on this topic:
http://mike.mirt.net/AlFBPPS-4.png

The ultimate solution would be to use TLS/1.2, which is already
supported in stunnel.  All we can do is to wait for client support.
I think the AlFBPPS attack is in most cases much easier to exploit than
the BEAST and Lucky Thirteen attacks for most practical scenarios.
As for CRIME: stunnel has compression turned off by default since
version 4.51.

> Short of wiping the machine completely and re-installing, can anyone
> think of anything else I can try?
Please collect a stack backtrace:
https://www.stunnel.org/pipermail/stunnel-users/2005-June/000551.html

Mike
