opened OpenSSL port
Cassius V. de Magalhaes
cassius at cassius.vinicius.nom.br
Sun Feb 27 22:23:10 UTC 2011
Em 27/02/2011 06:50, erikmccaskey64 escreveu:
>
> Main question: is it safe, to open a port for an openssl server?
>
> e.g.:
>
> server side - generate a self-signed cert.
> time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout
> mycert.pem -out mycert.pem
> openssl s_server -accept 52310 -cert mycert.pem
>
> Is it secure? - it could be DOSed' [DenialofService] or could it be
> attacked in any way?
>
> Are there any iptables rule for restricting connections to dyndns names?
>
> e.g.: only allow connection from "asdfasdf.dyndns.com" and
> "asdfasdf2.dyndns.com" and "asdfasdf3.dyndns.com"?
>
> How could i restrict the openssl server to only accept traffic from
> given clients? Please help me "think"..
>
> Or are there any "production ready" methods, that can do
> authentication too? [+using ssl].
> "openssl s_server" and "openssl s_client" would be perfect, but the
> problem is it doesn't has username/password auth :\
>
> Thank you for any help.
It's a too general question.
Do you want a ssl tunnel between the first machines to
asdfasdf.dyndns.com and asdfasdf2.dyndns.com and asdfasdf3.dyndns.com?
You can use stunnel, or tunnel using SSH.
Regards.
More information about the ubuntu-users
mailing list