Package: stunnel4 Version: 3:4.29-1 I have not tagged severity. Is it a real security issue?
In my stunnel.conf I tried:-- options = SSL_OP_CIPHER_SERVER_PREFERENCE It gave "Illegal SSL option" and did not start. Trying to set SSL_CTX_set_options(3ssl) SSL_OP_CIPHER_SERVER_PREFERENCE. <https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls> In my stunnel.conf I also have:-- options = NO_SSLv2 options = NO_SESSION_RESUMPTION_ON_RENEGOTIATION options = SINGLE_DH_USE ciphers = RC4-SHA:HIGH:!ADH They are aware of this upstream. <https://www.stunnel.org/pipermail/stunnel-users/2012-May/003744.html> May also be fixed. <https://www.stunnel.org/pipermail/stunnel-users/2012-May/003745.html> > I guess you either use and old stunnel, or an old version of OpenSSL. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
