(START)TLS between servers?

Florian Schlichting fschlich at CIS.FU-Berlin.DE
Mon Apr 4 07:49:49 UTC 2011


On Sat, Apr 02, 2011 at 08:53:09PM +0200, Julien ÉLIE wrote:
> >Since INN does support STARTTLS when clients connect, it might not
> >be a big change to support it when servers do?
> 
> I believe it is of low priority because of the fact that stunnel can
> be easily implemented (though it logs everything as coming from
> "localhost" as far as I know - never tested myself).

Current stunnel4 has an option to run in transparent proxy mode, which
will cause connections to look like they're coming from the ssl
client rather than the proxy server. They say it only works on Linux,
though, and if you cannot have your daemon executed directly by stunnel
in the way inetd would do, the stunnel proxy has to run on a different
host on the default route between client and server.

Having said that, stunnel _is_ straight-forward to set up and has proven
very stable in providing ssl for our pre-ssl nnrpd.

Florian
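
A stunnel service definition for the setup discussed in this message, as an added example that is not part of the original post or of INN's documentation. The addresses, port choice and certificate path are placeholders, and the `transparent` spelling assumes a stunnel 4 release of that period (later releases name the same mode `source`).

```ini
; Constructed example: TLS front end for a plaintext nnrpd.
; 192.0.2.10 and the certificate path are placeholders.

[nntps]
; TLS-wrapped NNTP from readers arrives here
accept  = 563
; plaintext nnrpd behind the proxy
connect = 192.0.2.10:119
cert    = /etc/stunnel/news.example.org.pem

; Without the next line nnrpd sees, logs and applies its access rules
; to the proxy's address for every reader (the "localhost" effect
; mentioned in the quoted text when stunnel runs on the news host).
; With it, stunnel connects to nnrpd using the TLS client's address.
; As the message notes: Linux only, and in connect mode the proxy has
; to sit on the route between nnrpd and the clients, not on the news
; host itself.
transparent = yes
```

When the line is left out, address-based rules in nnrpd's access configuration no longer distinguish readers, so access control has to rest on authentication instead.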