Michael, This could apply to stunnel. The settings you want for stunnel are called "ciphers" and possibly "sslVersion" that you can reference in the manual.
Those settings should allow you to customize the configuration for stunnel to fix the issue. ----------------- Leandro Avila On Thursday, August 21, 2014 6:08 PM, Michael Curran <[email protected]> wrote: > > >Does this request not apply to stunnel? I don not recall seeing these as >setting within the stunnel configuration file, so this may be an irrelevant >question. > > > >________________________________ >From: [email protected] >To: [email protected] >Date: Thu, 7 Aug 2014 12:55:36 -0500 >Subject: [stunnel-users] SSL Server Allows Anonymous Authentication >Vulnerability > > > > >I am looking at this vulnerability reported from McAfee -- but we use stunnel >to secure our communications and not the application directly. > > >Are these settings that I can make within the stunnel config -- or something >comparable? > > >SSLProtocol -ALL +SSLv3 +TLSv1 >SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM > > >_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > >_______________________________________________ >stunnel-users mailing list >[email protected] >https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > > > _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
