Shane Hathaway wrote:

> But you don't need reliability compensation to multiplex.  SSH assumes 
> the transport layer is reliable.  So an SSH tunnel and an SSL tunnel are 
> virtually synonymous.

They're not really, but yeah, I was wrong :)

A SSL forwarder takes a packet, and then sends over another TCP 
connection that happens to be encrypted. It's basically a TCP port 
forwarder. Multiple client connections through the local SSL forwarder 
(e.g. stunnel) will run over *multiple* outgoing streams:

client --> stunnel on localhost ---> stunnel on www.foo.com ----> server 
on www.foo.com

SSH OTOH uses a multiplexing protocol, where multiple streams of data 
run over the same connection, and each have their own flow control. 
Multiple client connections over a SSH port forwarder will run over the 
same *single* stream.

A third thing is TCP over TCP, i.e. PPP over SSH or SSL, which functions 
as a full network connection.

> The Python standard library has good support for an SSL client but not 
> for an SSL server.

pyOpenSSL is good for both servers and clients. Could be better, but 
it's easy
to start using it, especially for select() based servers (its thread-safety
is iffy). Twisted's SSL stuff uses it, and latest version of pyOpenSSL 
may have asyncore example.


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to