[DeleGate-En] Re: Can I force ssl version 3.0 only?
In message <_A3782@delegate-en.ML_> on 06/28/07(00:37:27)
you "Joe Moore" <email@example.com> wrote:
|I recompiled with the new sslway.c and ran with the "-vd" option.
I ment the "-vd" option in TLSCONF as I saw "TSLCONF=-vs" in your
configuration in /usr/sbin/delegated.conf in your miniBSD. But it is
no more necessary because your problem seems fixed.
|The good news is that my Nessus scans indicate that SSL version 3.0 is
|all that is available. WooHoo! The not so good news is that low strength
|ciphers can still be negotiated. Is there any way to achieve the openssl
|equivalent of "cipher=HIGH" or "cipher= HIGH:MEDIUM"? I tried:
|STLS="fcl,sslway -no_ssl2 cipher=HIGH"
You need to specify it as follows to be compatible with OpenSSL:
STLS="fcl,sslway -no_ssl2 -cipher HIGH"
|Delegated started and functioned OK but Nessus indicated that ciphers
|with 40 bit and 56 bit keys were still available.
9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller