RE: Stunnel Problems

From: Bugtraq (ivan.buetler@csnc.ch)
Date: 12/07/01


From: "Bugtraq" <ivan.buetler@csnc.ch>
To: "Stuart" <stuart.hackinfo@btinternet.com>, <pen-test@securityfocus.com>
Date: Fri, 7 Dec 2001 11:17:07 +0100

try out

        a) Achilles (NT Tool)
        b) sslproxy (NT Tool)

We compiled sslproxy some time ago; it is in the download section at
http://www.csnc.ch/. Please note: Achilles is a cool tool as well; it
supports "proxy" protocols (sslproxy doesn't yet) and HTTP session
interception.

-ivan

-----Original Message-----
From: Stuart [mailto:stuart.hackinfo@btinternet.com]
Sent: Friday, December 07, 2001 1:14 AM
To: pen-test@securityfocus.com
Subject: Stunnel Problems

Hi,

I am having a problem with Stunnel (3.21c) whilst attempting to do a reverse
ssl Proxy. (both on linux and windows)

I am attempting to access a Web Server sat behind Netscape (NetCache?) 3.5
proxy. Here is what I am doing.

stunnel -c -d 80 -r <remotehost>:443
and point a browser on local host to 80.

and I get this error....
"Insufficient encryption
This document requires a larger secret key size for encryption than your
browser is capable of supporting."

but...
when I compile OPENSSL (latest version, using the dlls for stunnel too) and
run openssl.exe and the following commands...

s_client -connect <remotehost>:443

and do a banner grab

GET / HTTP/1.1
it works.

I was wondering if anybody could help me to get it working correctly through
a browser window?

Has anyone else had any problems with Stunnel before? It seems to be
reasonably site specific - it works fine with several sites that all report
SSLv3, RC4 128bit, 1024bit key when I use IE5 to connect to them - and this
is the same as the site that is causing problems. That's why I'm wondering if
the Netscape Proxy in front of the server has anything to do with it?

thanks
Stuart
IT Security Consultant, UK

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
