
List:       stunnel-users
Subject:    Re: [stunnel-users] STUNNEL --- How to chose the AES cipher with TLS v1.2
From:       Leandro Avila <leandro.avila () ymail ! com>
Date:       2013-02-14 19:50:37
Message-ID: 1360871437.58086.YahooMailNeo () web111008 ! mail ! gq1 ! yahoo ! com



Kevin,

The configuration directives that are relevant in this case are:

sslVersion = TLSv1.2
ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256



Keep in mind that TLS 1.2 is not widely deployed. So if you need
backward compatibility, you might want to enable SSLv3, TLSv1, TLSv1.1.

The documentation in the link you provided should allow you to tweak the ciphers you want:
http://www.openssl.org/docs/apps/ciphers.html

-----------------
Leandro Avila


----- Original Message -----
> From: Editor <editor@cellmail.com>
> To: stunnel-users@stunnel.org
> Cc: 
> Sent: Monday, February 4, 2013 2:20 PM
> Subject: [stunnel-users] STUNNEL --- How to chose the AES cipher with TLS v1.2
> 
> Hi to all:
> 
> In reading the FAQ and looking at the sample configuration file, I do not see an 
> example of how to correctly configure the application to use the more current 
> AES-256 or the AES-128 cipher configurations.
> 
> I do have the current OpenSSL on the host (a Sun SPARC box). The idea is to use 
> this host as a SSL proxy for a number of services.
> 
> I did see this reference:
> 
> options = CIPHER_SERVER_PREFERENCE
> 
> But not how to then set the SSL cipher except as I found on Google.
> 
> There was this on the MAN page but it seems to fail in my configuration:
> 
> ciphers = cipherlist Select permitted SSL ciphers. A colon delimited list of the 
> ciphers to allow in the SSL connection. For example DES-CBC3-SHA:IDEA-CBC-MD5
> 
> Thanks.
> 
> Kevin
> 
> Reference Ciphers supported by OpenSSL: 
> http://www.openssl.org/docs/apps/ciphers.html
> 
> 
> 
> 
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users@stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 
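
Added example, not part of the original message or of stunnel: a small audit of a stunnel `ciphers =` value that splits each explicit OpenSSL suite name into its key exchange, authentication, cipher and hash tokens and flags entries without forward secrecy or AEAD. The sample config, the function names and the warning wording are assumptions made for illustration; only explicit suite names of the form used in the reply are parsed.

```python
# Added example: classify explicit OpenSSL suite names from a stunnel
# "ciphers =" line. Keywords such as HIGH or !aNULL are reported as unparsed.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}  # fresh key per handshake
STATIC_KX = {"ECDH", "DH"}              # fixed (EC)DH key from the certificate
AUTH_TOKENS = {"RSA", "ECDSA", "DSS"}

# Constructed sample config (assumption): directives from the reply, list
# shortened, plus DES-CBC3-SHA from the man page excerpt for contrast.
SAMPLE_CONF = """\
sslVersion = TLSv1.2
ciphers = ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:DES-CBC3-SHA
"""

def ciphers_from_config(text):
    """Return the value of the first 'ciphers' directive, or None."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ciphers":
            return value.strip()
    return None

def parse_suite(name):
    """Split a suite name into key exchange, auth, cipher and hash tokens."""
    if name[:1] in ("!", "+", "-", "@", ""):
        return {"name": name, "parsed": False}
    parts = name.split("-")
    kx = auth = "RSA"  # no prefix in the name: RSA key transport, RSA auth
    if parts[0] in EPHEMERAL_KX | STATIC_KX:
        kx = parts.pop(0)
        if parts and parts[0] in AUTH_TOKENS:
            auth = parts.pop(0)
    if len(parts) < 2:
        return {"name": name, "parsed": False}
    digest = parts.pop()
    cipher = "-".join(parts)
    return {"name": name, "parsed": True, "kx": kx, "auth": auth,
            "cipher": cipher, "hash": digest,
            "forward_secrecy": kx in EPHEMERAL_KX, "aead": "GCM" in cipher}

def audit(cipher_string):
    """Return (parsed suites, warnings) for a colon-separated cipher string."""
    suites = [parse_suite(n) for n in cipher_string.split(":") if n]
    warnings = []
    for s in suites:
        if not s["parsed"]:
            warnings.append(f"{s['name']}: not an explicit suite name, expand it with 'openssl ciphers -v'")
            continue
        if not s["forward_secrecy"]:
            warnings.append(f"{s['name']}: {s['kx']} key exchange, no forward secrecy")
        if not s["aead"]:
            warnings.append(f"{s['name']}: {s['cipher']} is not an AEAD (GCM) cipher")
    return suites, warnings

if __name__ == "__main__":
    print("\n".join(audit(ciphers_from_config(SAMPLE_CONF))[1]))
```

Run against the full list from the reply, it reports that every suite is AES-GCM but that the `ECDH-*` entries and the plain `AES256-GCM-SHA384` / `AES128-GCM-SHA256` entries do not use an ephemeral key exchange.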

