David Latil wrote:
The problem: we simply have a web application running that we are
trying to provide encryption and authentication. An idea was pitched
of a proxy of sorts that would allow not just http traffic, but
others through this tunnel securely. It was pitched specifically as
ssh over ssl and the customer bit. The goal was security and ease of
firewall traversal. The server side was thought to be some form of
Twisted (a Python server of sorts) on port 443. I'm just trying to
make sure if ssh over ssl is sane or if anyone else has already done
this.
Anyway:
When it comes to efficiency, I don't think wrapping ssh into http
(httptunnel) would be better than just digging into an ssh
implementation and inserting ssl at the transport level. What do you
think? Correct me if I'm wrong, if there are some issues I'm not
seeing let me know.

Isn't the MITM risk quite avoidable, just be sure to not use the same
encryption keys or algorithm?

Thanks,
David

Have you considered WSDL/Web Services? You did say "web application".
Is SOAP/WSDL/Web Services an option for your web application?
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
Ask me about discounts on any Shining Light Productions product!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org