> I've a question about SSL protocol. Can anyone help me?
>
> I'm modifying SSL-MZtelnet in order to be able to authenticate using
> a SmartCard. But, once it is working I'd like to be able to telnet to
> my host without SmartCard authentication.
>
> For example: In order to be authenticated without password (only
> verifying my cert) I must put -z certrequired & -z certsok options on
> SSLtelnetd, but in this way it doesn't allow me to connect without
> using a cert (normal telnet with login&passwd).
>
> Is there any way to allow connection authenticated by cert, and others
> without cert?
>
> Is there any way for the client to answer a CERT REQUEST (from server) with a
> NEGATIVE answer and normal telnet (with SSL) continues?
>
> Can anyone help me?
>
Please don't add new features to MZtelnet. The Telnet AUTH SSL method
is not secure. Not because SSL isn't secure, but because the Telnet
negotiations that lead up to the SSL negotiation are not secure.
Telnet AUTH SSL is also not an IETF standard and was never properly
approved by IANA.

The preferred method for performing SSL/TLS in conjunction with Telnet
is the Telnet START_TLS option.

Now to answer the question. In order for some clients to be allowed
to authenticate via SSL and others to be allowed in via password
prompt you must configure the telnetd to require certs. A client that
offers a cert should have it verified; if not, then they should be
given a login prompt.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
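
The behaviour described at the end of the reply (verify a certificate when the client offers one, otherwise fall back to the login prompt), sketched as an added example with Python's ssl module. It is not code from the post, from SSL-MZtelnet or from the OpenSSL project; the CERT_USERS mapping, the function names and the sample certificate dictionaries are constructed for illustration.

```python
import ssl

# Hypothetical mapping from a certificate's commonName to a local account.
# A certificate that verifies is not automatically an authorised user.
CERT_USERS = {"alice-smartcard": "alice"}


def make_server_context(certfile=None, keyfile=None, cafile=None):
    """TLS server context that requests a client cert without insisting on one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if cafile:
        ctx.load_verify_locations(cafile)  # CAs trusted to issue client certs
    # CERT_OPTIONAL: the server sends a certificate request. An offered cert
    # must chain to a trusted CA or the handshake fails; a client that sends
    # no cert still completes the handshake.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    return ctx


def common_name(peercert):
    """Extract commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def choose_auth(peercert):
    """Decide the login path after the handshake.

    peercert is the result of SSLSocket.getpeercert(): None when the client
    sent no certificate, otherwise a dict describing the verified cert.
    """
    if not peercert:
        return ("password", None)      # no cert offered: normal login prompt
    account = CERT_USERS.get(common_name(peercert))
    if account is None:
        return ("password", None)      # valid cert, but not mapped to a user
    return ("certificate", account)    # skip the password prompt


# Constructed samples in the getpeercert() dictionary format.
SAMPLE_KNOWN = {"subject": ((("countryName", "ES"),),
                            (("commonName", "alice-smartcard"),))}
SAMPLE_UNKNOWN = {"subject": ((("commonName", "bob-laptop"),),)}
```

In a real server, choose_auth() would be called with conn.getpeercert() on the socket returned by the context's wrap_socket(..., server_side=True).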