Question

How to configure cipher suites in the Stunnel software

Answer

Some users might want to limit the cipher used for VAST2 SSL communication when using the TSL 1.2 or TSL 1.3 protocols. In order to do that they need first check the following:

• Stunnel version is 5.51 or above
• OpenSSL is 1.1.1 or above

VAST2 2.12.0.6200 Stunnel is version 5.56 and uses OpenSSL 1.1.1k so if you are using this version or above you will be able to configure cipher suites. To configure please do the following:

Step 1. Stop the VAST2 service.

Step 2. Go to the following path: C:\Program Files (x86)\VIVOTEK Inc\sTunnel.

Step 3. Using a program editor (notepad can also work for this) open the stunnel.conf file. Be sure to open the file using administrative permissions. 

Step 4. In the configuration file, add or modify the line starting with "ciphers". This line is where you specify the cipher suites that Stunnel will use. The syntax is as follows:

ciphersuites = SUITE1:SUITE2:SUITE3

Once finished, save your changes and close the configuration file.

Step 5. Start the VAST2 service.

Once the server initializes, it will automatically apply the changes to the tunneled connection. 

Note: Please remember to consult Stunnel's official documentation for the most accurate and up-to-date information. Also, always choose strong, secure cipher suites that are not deprecated or vulnerable to known attacks.