> If we make stunnel to run on port 443 to forward connections to port 80 of
> the http server locally. Will the client have problem speaking with
> stunnel ?
>
> run stunnel on 443 and configure it to
> forward to port 80 on localhost.

The client shouldn't have any problem since stunnel will handle the SSL handshake/encryption while the HTTP protocol will be handled by your webserver over the forwarded connection.

    CLIENT <----http/ssl/tcp---> STUNNEL <-----http/tcp-----> WEBSERVER

NOTE: Read http/ssl/tcp as "HTTP over SSL over TCP"

> I did not understand this point, can you kindly explain more.
>
> SSH connection can support multiple channels which is a potential
> security risk (indeed!)
>

While using OpenSSH forwarding, you might notice that you are able to work on a shell as well as support forwarding of multiple connections, even though the OpenSSH client has established only one connection to the remote host (OpenSSH server). This is because the SSH protocol defines Channels/Sessions to keep track of various tasks.

A security problem arises because the protocol does not define any restriction on opening a channel, which means that, throughout the lifetime of the TCP connection, a channel can be opened for any of the tasks. OpenSSH has extended the protocol, which sends a message no-more-sessions to indicate no more channel open requests, but when forwarding this cannot be done because you need to accept new connections to be forwarded.

No worries if you are unable to clearly understand the above para. It is a little technical. In general, OpenSSH is highly secure, but security is not absolute, so you just need to go with what you think is acceptable for you.

-- 0
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
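
The reply above says that an SSH connection kept open for forwarding can still have other channels opened on it. As an added example (not part of the original thread), this Python script audits the `Match User` block of an sshd_config for a forwarding-only account; the account name `tunnel`, both sample configs and the required values are assumptions of this example, and the parser only handles an exact single-user `Match User` line.

```python
# Added example: the keywords are real sshd_config options; the policy values,
# the account name "tunnel" and both sample configs are constructed here.
REQUIRED = {
    "allowtcpforwarding": "local",   # only client-to-server (-L) forwards
    "permittty": "no",               # no interactive terminal
    "x11forwarding": "no",
    "allowagentforwarding": "no",
    "permittunnel": "no",            # no tun(4) device forwarding
}

def match_block(config_text, user):
    """Return {keyword: value} set inside 'Match User <user>' (first value wins)."""
    settings, active = {}, False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":       # simplification: exact single-user match only
            crit = value.split()
            active = len(crit) == 2 and crit[0].lower() == "user" and crit[1] == user
        elif active:
            settings.setdefault(keyword, value)
    return settings

def audit(config_text, user):
    """List what the account may still open; an empty list means constrained."""
    s = match_block(config_text, user)
    findings = [f"{k}: want {v!r}, found {s.get(k, 'unset')!r}"
                for k, v in REQUIRED.items() if s.get(k, "").lower() != v]
    if s.get("permitopen", "any").lower() == "any":
        findings.append("permitopen: any destination host:port may be forwarded")
    if "forcecommand" not in s:
        findings.append("forcecommand: session channels may run arbitrary commands")
    return findings

WEAK = "Match User tunnel\n    AllowTcpForwarding yes\n"
HARDENED = """Match User tunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:80
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ForceCommand /bin/false
"""
if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg, "tunnel") or "constrained")
```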
