STunnel Cipher List and Qualys SSL Labs Testing

In the wake of all the recent vulnerabilities we have been working hard to make sure that we give the correct information to our customers.

So we decided to set up our latest version of STunnel on our support server (https://support.loadbalancer.org) and test our cipher lists with the Qualys SSL Labs site (https://www.ssllabs.com/ssltest).

Using the Cipher List that we gave with our Hot Fix for the Poodle Issue on our v7.6.2 units we got a very nice result:

[Screenshot: Qualys SSL Labs scan result]

This also appears to work with nearly every browser that they test with, with one exception: IE6 on Windows XP!

Now this can be resolved by the looks of things…

If you open your IE Options, under the ‘Advanced’ tab, almost at the bottom, you should find ‘Use TLS 1.0’. If you put a tick in this box, you should find that things start to work again with the cipher list we gave.

[Screenshot: IE ‘Advanced’ options showing ‘Use TLS 1.0’]

You will also see that this cipher list includes the RC4 cipher. If you remove this cipher, you do get a much better Qualys result.

[Screenshot: Qualys SSL Labs scan result with RC4 removed]

Now scroll down to the ‘Handshake Simulation’ section of the page. You will find that most of your mobile devices have stopped working, so the choice is yours. You can try to make sure that everyone on almost every device works by using:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4:HIGH:!MD5:!aNULL:!EDH

Or you can make your SSL as secure as I’ve been able to find, but lose some mobile devices, with:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:HIGH:!MD5:!aNULL:!EDH
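As an added example (not part of the original article), the Python below checks which tokens in each of the two cipher lists above name RC4 explicitly, and can also ask the local OpenSSL build what each list expands to. The function and constant names are this example's own; aliases such as HIGH are not expanded by the static check.

```python
import ssl

# Cipher lists copied verbatim from the article.
WITH_RC4 = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:"
            "ECDHE-RSA-AES128-SHA:RC4:HIGH:!MD5:!aNULL:!EDH")
WITHOUT_RC4_ALIAS = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:"
                     "ECDHE-RSA-AES128-SHA:HIGH:!MD5:!aNULL:!EDH")


def rc4_tokens(cipher_list):
    """Return the tokens in an OpenSSL cipher string that add RC4 suites.

    Static check on explicit names only. Tokens are read left to right:
    '!RC4' removes RC4 for good, '-RC4' drops what was added so far,
    '+...' only reorders, and any other token containing 'RC4' adds suites.
    Deletions of individual suites by name are not tracked.
    """
    found, killed = [], False
    # OpenSSL accepts ':', ',' and ' ' as separators.
    for tok in cipher_list.replace(",", ":").replace(" ", ":").split(":"):
        if not tok:
            continue
        if tok.upper() == "!RC4":
            killed = True
        elif tok.upper() == "-RC4":
            found.clear()
        elif tok[0] not in "!-+" and "RC4" in tok.upper():
            found.append(tok)
    return [] if killed else found


def local_expansion(cipher_list):
    """TLS 1.2-and-earlier suites the local OpenSSL build enables for the string.

    Build dependent: recent OpenSSL builds usually ship without RC4, so an
    empty RC4 result here says nothing about an older appliance.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


if __name__ == "__main__":
    for label, clist in (("with RC4", WITH_RC4),
                         ("RC4 alias removed", WITHOUT_RC4_ALIAS)):
        print(label, "-> RC4 tokens:", rc4_tokens(clist))
        print("  local RC4 suites:",
              [n for n in local_expansion(clist) if "RC4" in n])
```

For the second list the static check still reports ECDHE-RSA-RC4-SHA, so that list keeps one RC4 suite available on builds that support it; appending `!RC4` makes the check return an empty list.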

 


The original article/video can be found at STunnel Cipher List and Qualys SSL Labs Testing
