On Wednesday 01 April 2015 14:37:59 Michael Felt wrote:
> re: use of a stunnel - how does this turn 40-bit https into >40-bit https.
> Sounds like a man-in-the-middle I do not want to know about (but should
> learn about just the same - aka the sand is not so deep I can bury my head
> completely :)

Yes, it is literally a "man in the middle", the point is, that this man is
*you*, and as such, you can trust him, at least as much as you can trust the
server itself.

It's the same way a reverse proxy turns a local HTTP server running on port
8080 (or any other for that matter) into a proper HTTPS server.

Or in other words, it's to turn something like this:

                                         | trusted network here
 client          .-,(  ),-.
  __  _       .-(          )-.            router            server
 [__]|=| ---->(    internet    )-------> __________ ------> ____   __
 /::/|_| SSLv2 '-(          ).-'  SSLv2  [...__...°] SSLv2 |    | |==|
                  '-.( ).-'                                |____| |  |
                                                           /::::/ |__|

into something like this:

                                         | trusted network here
 client          .-,(  ),-.
  __  _       .-(          )-.            router            server
 [__]|=| ---->(    internet    )-------> __________ ------> ____   __
 /::/|_| TLS1.2 '-(         ).-'  TLS1.2 [...__...°] SSLv2 |    | |==|
                  '-.( ).-'                   ↑            |____| |  |
                                           stunnel         /::::/ |__|

(diagram taken from http://unix.stackexchange.com/a/126638)

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
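
The second diagram in the message above, written out as an stunnel configuration. This is an added example, not part of the original message or of any project's shipped configuration. All addresses, ports and file paths are placeholders, and it assumes an stunnel build whose OpenSSL still speaks the legacy protocol the back-end server requires.

```ini
; stunnel.conf on the router/proxy host (constructed example).
; Two chained services: the first terminates modern TLS from the
; internet, the second re-encrypts toward the legacy server that
; sits on the trusted network.

; ---- Internet-facing side: TLS 1.2 only -------------------------
[front-tls12]
; Server mode is the default: accept TLS, forward plaintext.
accept = 0.0.0.0:443
; Hand the decrypted stream to the client-mode service below.
; Bound to loopback so plaintext never leaves this host.
connect = 127.0.0.1:8443
; Certificate and key presented to internet clients (placeholders).
cert = /etc/stunnel/proxy-cert.pem
key = /etc/stunnel/proxy-key.pem
; Refuse anything older than TLS 1.2 on the untrusted side.
sslVersion = TLSv1.2
; Exclude export-grade (40-bit) and other weak suites.
ciphers = HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5

; ---- Trusted-network side: legacy protocol to the old server ----
[back-legacy]
; Client mode: accept plaintext locally, speak SSL to the server.
client = yes
accept = 127.0.0.1:8443
; Address of the legacy server (placeholder from 192.0.2.0/24).
connect = 192.0.2.10:443
; Only works if the linked OpenSSL was built with SSLv2 support;
; current OpenSSL releases have removed it entirely.
sslVersion = SSLv2
```

The weak protocol is confined to the hop between the proxy and the server, so this only improves matters when that segment really is a network you control, as the diagram assumes.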