Of Jeffrey Barnard
Sent: Friday, August 10, 2007 4:07 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL Confusion
Tom,
Using Linux to proxy an SSL connection is easy. The Linux can be a PC
behind your firewall, a Linux on z system, whatever ...
Symbion SSL Proxy (open source for Linux/Unix
On Tuesday, 08/14/2007 at 11:26 EDT, Mrohs, Ray [EMAIL PROTECTED]
wrote:
I just did the same with stunnel provided with SLES10. It seems to work
fine. Now what are the disadvantages compared to SSLSERV?
It's the same as the pre-z/VM 5.3 support, requiring the client to
establish the SSL
On Aug 14, 2007, at 12:26 PM, Alan Altmark wrote:
On Tuesday, 08/14/2007 at 11:26 EDT, Mrohs, Ray
[EMAIL PROTECTED]
wrote:
I just did the same with stunnel provided with SLES10. It seems to
work
fine. Now what are the disadvantages compared to SSLSERV?
It's the same as the pre-z/VM 5.3
I just did the same with stunnel provided with SLES10. It seems to
work
fine. Now what are the disadvantages compared to SSLSERV?
Not an exhaustive list:
Stunnel positives:
Uses OpenSSL, so the crypto engines work
Reference implementation of SSL, so more likely to be familiar to
non-mainframe
In the last month, there has been several threads on SSL servers. I lightly
read them, but didn't think it was something of interest, here, in the near
term.
Well, things change. Time to get ahead of the curve.
We might be headed towards TN3270 sessions with SSL.
I searched on SSL on the
The SSLSERV package from Sine Nomine works rather well with your a) choic
e.
I would stay away from your b) choice because you tend to get into having
userids on the z/Linux and all the attendant
administrative/auditing/security overhead. You do not need a z/VM userid
to
connect to the z/VM
Tom,
Using Linux to proxy an SSL connection is easy. The Linux can be a PC
behind your firewall, a Linux on z system, whatever ...
Symbion SSL Proxy (open source for Linux/Unix/Unixware)
to start the proxy
./ssl_proxy -m max connections -s listen address -c mainframe
address (client address
On Aug 10, 2007, at 2:52 PM, Tom Duerbusch wrote:
1. Are there two varients to the SSL/Linux world
a. z/VM way as documented
b. Perhaps a zLinux way where we connect directly into Linux
first and then a clear text session is sent to the 390 side?
I didn't catch if there was
