Article delegate-en/3784 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3782@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Can I force ssl version 3.0 only?
27 Jun 2007 17:47:39 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Joe,

In message <_A3782@delegate-en.ML_> on 06/28/07(00:37:27)
you "Joe Moore" <pvyhabdyi-lnh3n2ci2gdr.ml@ml.delegate.org> wrote:
 |I recompiled with the new sslway.c and ran with the "-vd" option.

I ment the "-vd" option in TLSCONF as I saw "TSLCONF=-vs" in your
configuration in /usr/sbin/delegated.conf in your miniBSD.  But it is
no more necessary because your problem seems fixed.

 |The good news is that my Nessus scans indicate that SSL version 3.0 is
 |all that is available. WooHoo! The not so good news is that low strength
 |ciphers can still be negotiated. Is there any way to achieve the openssl
 |equivalent of "cipher=HIGH" or "cipher= HIGH:MEDIUM"? I tried:
 |
 |STLS="fcl,sslway -no_ssl2 cipher=HIGH"

You need to specify it as follows to be compatible with OpenSSL:

  STLS="fcl,sslway -no_ssl2 -cipher HIGH"

 |Delegated started and functioned OK but Nessus indicated that ciphers
 |with 40 bit and 56 bit keys were still available.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V