On 2013-11-04 18:12, Simner, John wrote: > To prevent man-in-the-middle attacks, the phone should be able to > handle the fragmented TLS block when CBC protection is activated on > the client tomcat server. > > > > I have been unable to find the appropriate stunnel configuration item > to support this. > > Please could you inform me how this is handled through stunnel. >
There is no option to *enable* CBC protection, as this is the default. Use "options = DONT_INSERT_EMPTY_FRAGMENTS" to disable this secure default. Mike
signature.asc
Description: OpenPGP digital signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
