Alas, I am limited to implementing an SSL proxy solution for
backward compatibility with existing software which is based on
a telnet-like protocol. If I simply wanted a secure remote login
service I would use SSH (which I do).
Can a transparent SSL proxy solution along the lines of stunnel
work in principle for plain telnet and similar protocols?
Or is there a sound technical reason why telnet+stunnel cannot
work (at least to the extent of avoiding the client-server
deadlock problem I observe)?
Jeffrey Altman <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
08/03/2002 23:19
Please respond to openssl-users
To: [EMAIL PROTECTED]
cc: OpenSSL User Support Mailing List <[EMAIL PROTECTED]>
Subject: Re: Help! SSL Telnet client-server deadlock problem.
I would suggest that you use a supported implementation of Telnet that
supports START_TLS. Read
http://www.kermit-project.org/telnetd.html
> Please help. I have a major problem with SSL Telnet.
>
> When I connect with SSL-MZtelnet-0.11.2 client from my
> FreeBSD 4.4 box through a SSL proxy to a telnet server on AIX
> 4.3.2 and run the "ls -l" command, screen output sometimes does not
> complete. If I hit enter then the last few lines are displayed.
>
> There is obviously some kind of deadlock situation occurring.
>
> Tried several different SSL proxy software packages, all based
> on OpenSSL: Stunnel, SSLWrap, SSLProxy, DeleGate. Same deadlock
> problem occurs with every one of these to some extent.
>
> Tried upgrading OpenSSL version on AIX - no effect.
>
> Tried running Stunnel proxy on FreeBSD instead of AIX - no effect.
>
> Tried modifying the DeleGate SSL code based on what I read about
> SSL client-server deadlocks in Eric Rescorla's excellent (but
> too short) book on SSL - no effect but that could be my coding.
>
> I also have a similar deadlock problem when I run a proprietary
> application under Windows which uses Telnet over SSL to connect
> to the AIX server.
>
> Any suggestions welcome. I have run out of ideas at this point.
> Are there any other SSL proxies I could try, commercial and free?
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
Jeffrey Altman * Sr.Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]
C-Kermit 8.0 available now!!! includes Telnet, FTP and HTTP
secured with Kerberos, SRP, and OpenSSL. Interfaces with OpenSSH