Il 01/10/2014 22:23, Wouter Verhelst ha scritto: > Hi, > > On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: >> Tunneling the entire protocol inside an SSL connection doesn't fix that; >> if an attacker is able to hijack your TCP connections and change flags, >> then this attacker is also able to hijack your TCP connection and >> redirect it to a decrypting/encrypting proxy. >> >> I agree that preventing a possible SSL downgrade attack (and other forms >> of MITM) should be high on the priority list, but "tunnel the whole >> thing in SSL" doesn't do that. > > So, having given this some thought, I wanted to come up with a spec just > so that we had something we could all agree on. As part of that, I had a > look at qemu-nbd, and noticed that it uses the "oldstyle" handshake > protocol (on port 10809 by default -- ew, please don't do that).
Can you use new-style handshake with a single unnamed export? Export names are a useless complication for qemu-nbd. Paolo ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Nbd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nbd-general
