> I just did the same with stunnel provided with SLES10. It seems to work > fine. Now what are the disadvantages compared to SSLSERV?
Not an exhaustive list: Stunnel positives: Uses OpenSSL, so the crypto engines work Reference implementation of SSL, so more likely to be familiar to non-mainframe people Available on multiple platforms (common operations and knowledge). Stunnel negative: Not transparent (requires setup for each port) Not dynamic (can't handle FTP) Unwraps traffic short of the application (may violate some regulatory requirements) Requires ports for non-encrypted service to be open (no firewall capability on VM TCP stack) Not supported by IBM IBM SSLSERV positives: Supported by IBM Dynamic (can handle FTP) Transparent to apps Does not require open ports for non-encrypted services IBM SSLSERV negatives: Doesn't use crypto engines (based on non-crypto aware implementation) Delivers encryption all the way to destination application Difficult to configure and maintain. Available only on VM We have appliance versions of both approaches.
