On Wednesday 01 April 2015 14:37:59 Michael Felt wrote:
> re: use of a stunnel - how does this turn 40-bit https into >40-bit https.
> Sounds like a man-in-the-middle I do not want to know about (but should
> learn about just the same - aka the sand is not so deep I can bury my head
> completely :)
Yes, it is literally a "man in the middle", the point is, that this man is
*you*, and as such, you can trust him, at least as much as you can trust the
server itself
It's the same way a reverse proxy turns a local HTTP server running on port
8080 (or any other for that matter) into a proper HTTPS server.
Or in other words, it's to turn something like this:
| trusted network here
client .-,( ),-.
__ _ .-( )-. router server
[__]|=| ---->( internet )-------> __________ ------> ____ __
/::/|_| SSLv2 '-( ).-' SSLv2 [...__...°] SSLv2 | | |==|
'-.( ).-' |____| | |
/::::/ |__|
into something like this:
| trusted network here
client .-,( ),-.
__ _ .-( )-. router server
[__]|=| ---->( internet )-------> __________ ------> ____ __
/::/|_| TLS1.2 '-( ).-' TLS1.2 [...__...°] SSLv2 | | |==|
'-.( ).-' ↑ |____| | |
stunnel /::::/ |__|
(diagram taken from http://unix.stackexchange.com/a/126638)
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech RepublicAttachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
