Does anyone know about this?
Thank you very much.
--
Sergio Pozo Hidalgo <sergi...@computer.org>
Quivir Group <http://www.lsi.us.es/~quivir/>
Department of Computer Languages and Systems
University of Seville (Spain)
25AE A2DD 9517 A240 0180 5BA3 E69E 69F3 A87C 1E93
> I'm testing some secure tunnel applications and I've found that Stunnel
> documentation doesn't mention anything (or at least I haven't found it)
> about the keylength of the session key. I also need to know the
> default cipher used for the symmetric part of SSL and its keylength, and
> also ways of changing it.
> I know that this is part of the OpenSSL library, but anyway I don't know
> how to change these parameters.
You can choose the cipher to be used by the '-C' (3.x) or 'cipher =' (4.x)
options. Use 'openssh ciphers' command to get lists of what's
available.
--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/
"I mean, it's some guy's fantasy -- a love hungry red-head who will
disappear in the morning, never to be seen again."
Every message PGP signed
OK. I can select cipher now, but with 'openssl' and 'ciphers = '
I only give stunnel one cipher (DHE-RSA-AES128-SHA) at both ends, but I
get an SSL handshake "no shared cipher" error I can't resolve.
Anyway, do you know which is the default cipher, keylength, and auth scheme?
Thank you again.
Regards,
> OK. I can select cipher now, but with 'openssl' and 'ciphers = '
> I only give stunnel one cipher (DHE-RSA-AES128-SHA) at both ends, but I
> get an SSL handshake "no shared cipher" error I can't resolve.
Perhaps you've requested that, but it's not available at both ends.
Do 'openssl ciphers ALL' and make sure it's there on both machines.
AES isn't available on older OpenSSL versions for example.
> Anyway, do you know which is the default cipher, keylength, and auth scheme?
No, and no one else can either. It's dependent on how you
installed OpenSSL, and which version it is.
--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/
Three kinds of Falsehoods:
Lies
Damned Lies
User Manuals
Every message PGP signed
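The check suggested in the last reply (confirm the suite is present on both machines), written as a script; this is an added example and not part of the original thread. It assumes the output of `openssl ciphers -v ALL` from each end was saved to a file; the function names, file names and sample lists below are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose "no shared cipher" from two saved cipher lists.
# Each input file is the output of `openssl ciphers -v ALL` on one end.
LC_ALL=C; export LC_ALL

# shared_ciphers FILE_A FILE_B: suite names present in both lists.
shared_ciphers() {
    awk 'NF >= 5 { if (FNR == NR) seen[$1] = 1; else if ($1 in seen) print $1 }' \
        "$1" "$2" | sort -u
}

# describe_cipher FILE NAME: print "cipher keybits auth" for one suite;
# exit status 1 if the suite is not in the list.
describe_cipher() {
    awk -v name="$2" '
        $1 == name {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Au=/)  auth = substr($i, 4)
                if ($i ~ /^Enc=/) enc  = substr($i, 5)
            }
            bits = enc                      # Enc field looks like AES(128)
            sub(/^.*\(/, "", bits); sub(/\).*$/, "", bits)
            sub(/\(.*$/, "", enc)
            print enc, bits, auth
            found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Constructed sample data (not captured from real hosts): the "server"
# list models an older OpenSSL build without AES.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/client.txt" <<'EOF'
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EOF
cat > "$SAMPLE_DIR/server.txt" <<'EOF'
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EOF

echo "Shared suites:"
shared_ciphers "$SAMPLE_DIR/client.txt" "$SAMPLE_DIR/server.txt"
describe_cipher "$SAMPLE_DIR/server.txt" DHE-RSA-AES128-SHA \
    || echo "DHE-RSA-AES128-SHA missing on server: expect 'no shared cipher'"
```

The `Enc=` column also answers the keylength question for whichever suite ends up negotiated: the number in parentheses is the symmetric key size in bits, and `Au=` is the authentication method.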