David Latil wrote:
I have a somewhat bizarre project on my plate.  I have been tasked to come up 
with a secure proxy of sorts that uses SSH over SSL (I mean to actually encrypt 
SSH with SSL, not just tunnel through a proxy).  In the end, we would be using 
port forwarding over SSH for HTTP traffic.

Being SSH is an application-level protocol, I don't see why I could not replace 
the standard TCP connection that it uses with SSL.  Why, you ask? The theory is 
if encryption via SSL is secure then if you doubly encrypt using SSH then you 
are doubly secure; supposedly there is some form of data compression built into 
SSH that may be beneficial, you could go through the firewall-friendly port 
443, and you could use other higher-level protocols through the SSH port 
forwarding feature.

I'm not very experienced programming with SSL, but I'm heavily researching the 
concepts at this stage. I'm a bit skeptical, to say the least, of the 
cost/benefits of this.

I sure would appreciate it if someone could tell me if this is a bad idea and why; 
the more I know now at this time the better.

It would only be a bad idea if you were actually to implement it. ;-)

What's the problem you're trying to solve?  What set of requirements
is driving this (e.g. firewall traversal where SSH is not permitted,
even on port 443, but HTTPS is)?

Double encryption isn't always like belt-plus-suspenders -- sometimes
it's like pulling your zipper up, then down.  Google MITM (Meet in
the Middle) Attack.
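The meet-in-the-middle search the reply points to, as an added illustration that is not part of the thread: a toy 16-bit Feistel cipher (constructed here, not any real cipher) is applied twice with independent keys, and both keys are recovered with roughly 2 * 2^16 cipher calls and a 2^16-entry table rather than the 2^32 calls a naive search of both keys would need.

```python
# Added example (not from the thread): a meet-in-the-middle key search against
# a toy double encryption. The 16-bit Feistel cipher is constructed for this
# demonstration only; 16-bit keys keep the full key space enumerable in seconds.
KEY_BITS, ROUNDS = 16, 4


def _subkeys(key):
    # One 8-bit subkey per round, taken from rotations of the 16-bit key.
    return [((key >> (5 * i % 16)) | (key << (16 - 5 * i % 16))) & 0xFF
            for i in range(ROUNDS)]


def _f(x, sk):
    # Round function; a Feistel network is invertible whatever f is.
    x = (x + sk) & 0xFF
    return x ^ (((x << 3) | (x >> 5)) & 0xFF)


def toy_encrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for sk in _subkeys(key):
        l, r = r, l ^ _f(r, sk)
    return (l << 8) | r


def toy_decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for sk in reversed(_subkeys(key)):
        l, r = r ^ _f(l, sk), l
    return (l << 8) | r


def double_encrypt(k1, k2, block):
    # Two independent layers: the "SSH inside SSL" idea in miniature.
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    # Recover (k1, k2) from known plaintext/ciphertext pairs with about
    # 2 * 2**KEY_BITS cipher calls, instead of 2**(2*KEY_BITS) for both keys.
    p0, c0 = pairs[0]
    table = {}                      # middle value -> every k1 producing it
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):  # strip one layer and look for a meet
        for k1 in table.get(toy_decrypt(k2, c0), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found


# Constructed known-plaintext pairs under a secret key pair.
SECRET_K1, SECRET_K2 = 0xBEEF, 0x1234
KNOWN_PAIRS = [(p, double_encrypt(SECRET_K1, SECRET_K2, p)) for p in (0, 0x5A5A, 0xFFFF)]
```

The lesson for the defender is that cascading two ciphers with independent keys buys roughly one key's worth of extra effort, not the product of the two, so "doubly secure" is not the right model. At real key sizes (128-bit keys in both SSH and TLS) the 2^k table is far out of reach, and the practical cost of the scheme is latency, complexity and two sets of keys and certificates to manage rather than a cryptographic weakness.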



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]