Re: Adding SNI support to SSH

Hi,

On Mon, Jan 13, 2020 at 10:52:15PM +0100, Nico Schottelius wrote:
> Even with the server sending first, this does not look very hard to
> me. As a sketch:
> 
> client->proxy [tcp connect]
> proxy->client [SSH-2.0-Proxy_1]
> client->proxy [SNI]
> proxy->endhost [tcp connect]
> endhost->proxy [SSH-2.0-OpenSSH_8.1]
> proxy->endhost [SNI]
> 
> From this state on the proxy can forward all traffic from both sides.

Sure.  But if you do it that way, the client loses information on which
server implementation it is talking to - and given the number of bugs
and caveats that are worked around in the client based on the
"SSH-2.0-$product" message, I see this as a non-optimal way forward.


> > (and back to square one, might take longer to roll out upgraded clients
> > than to roll out v6 to those clients).
> 
> That's quite an interesting challenge. I'd love you being right here.

IPv6 is, at least here in DE, nicely happening in many access networks
(cable, DSL, mobile - vodafone.DE started supporting it recently!).

Where IPv6 is quite lacking is "content", so I applaud your efforts :-)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert@xxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
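
Added example (not part of the original message, and not OpenSSH code): a small model of the banner exchange discussed above, showing that when the proxy sends its own identification string first, a client that selects workarounds from the `SSH-2.0-$product` line no longer sees the end host's product. The quirk table, its patterns and the workaround names are hypothetical; the two banners are the ones from the quoted sketch.

```python
import fnmatch
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or '-'.
IDENT_RE = re.compile(
    rb"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)(?: (?P<comments>[^\r\n]*))?$"
)

# Constructed quirk table: patterns and workaround names are hypothetical,
# standing in for the per-product workarounds a client keys off the banner.
QUIRKS = [
    ("OpenSSH_8.1*", {"hypothetical_workaround_a"}),
    ("OpenSSH_7.*", {"hypothetical_workaround_a", "hypothetical_workaround_b"}),
]


def parse_ident(line: bytes) -> tuple:
    """Return (protoversion, softwareversion) from one identification line."""
    if len(line) > 255:
        raise ValueError("identification string longer than 255 bytes")
    m = IDENT_RE.match(line.rstrip(b"\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string")
    return m["proto"].decode("ascii"), m["software"].decode("ascii")


def quirks_for(software: str) -> set:
    """Workarounds the client would enable for this softwareversion."""
    for pattern, flags in QUIRKS:
        if fnmatch.fnmatchcase(software, pattern):
            return set(flags)
    return set()


def client_view(endhost_banner: bytes, proxy_banner: bytes = None) -> set:
    """Quirks chosen by the client. In the sketch the proxy speaks first, before
    it knows the target, so the client only ever sees the proxy's banner."""
    seen = proxy_banner if proxy_banner is not None else endhost_banner
    _proto, software = parse_ident(seen)
    return quirks_for(software)


# Banners taken from the sketch in the quoted message.
ENDHOST = b"SSH-2.0-OpenSSH_8.1\r\n"
PROXY = b"SSH-2.0-Proxy_1\r\n"

if __name__ == "__main__":
    print("direct:   ", client_view(ENDHOST))
    print("via proxy:", client_view(ENDHOST, PROXY))
```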


