Hello.

Sorry about the delay replying.

On Thu, Mar 02, 2006 at 03:11:44PM +0100, Bas Zoetekouw wrote:
> telnet-ssl doesn't seem to use ssl by default, even if it is available
> on the server-side.  This kind of defeats the purpose of having a SSL
> telnet.
> 
> I have configured my server to only accept SSL enabled connection.
> When just trying "telnet-ssl localhost", I get an error:
> SSL_accept error error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
> protocol
> and telnet hangs for a few seconds and then disconnects.
> 
> Everything works perfectly if I use "telnet-ssl -z ssl localhost"
> 
> What I would expect to happen by default, is for telnet-ssl first to try
> an SSL-encrypted connection, and only fall back to a normal telnet
> connection if the server doesn't support it.

The problem is that there are two ways to do ssl with telnet.
The way you are doing it (with -z ssl) makes a SSL connection
then runs telnet over it. The other way is to make a telnet connection
then use telnet option negotiation to negotiate SSL.

telnet-ssl tries to negotiate SSL using telnet option negotiation and
then (depending on configuration) falls back to a normal telnet
connection, but needs to be explicitly told to use telnet-over-ssl.

Changing the server configuration to use standard ssl-over-telnet
(ie without -z ssl) should make telnet-ssl work as expected.

regards,

Ian.

-- 
Ian Beckwith - [EMAIL PROTECTED] - http://nessie.mcc.ac.uk/~ianb/
GPG fingerprint: AF6C C0F1 1E74 424B BCD5  4814 40EC C154 A8BA C1EA


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to