From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <857fc7b9048629e29563854dcea6e3e7@9fs.org> To: 9fans@cse.psu.edu Subject: Re: [9fans] tlssrv From: nigel@9fs.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-fgwxsungnquufbtgmlyuowmitq" Date: Mon, 17 Jun 2002 12:08:31 +0100 Topicbox-Message-UUID: b0c89f46-eaca-11e9-9e20-41e7f4b1d025 This is a multi-part message in MIME format. --upas-fgwxsungnquufbtgmlyuowmitq Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit To my mind, tlssrv equals stunnel server mode. Thus, a tlsclient program equivalent to stunnel -c would seem to be the next step. --upas-fgwxsungnquufbtgmlyuowmitq Content-Type: message/rfc822 Content-Disposition: inline Received: from 9fs.org ([192.168.100.103]) by 9fs.org; Mon Jun 17 10:29:53 BST 2002 Received: from mail.cse.psu.edu ([130.203.4.6]) by 9fs.org; Mon Jun 17 10:29:52 BST 2002 Received: from psuvax1.cse.psu.edu (psuvax1.cse.psu.edu [130.203.16.6]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 7173219ABF; Mon, 17 Jun 2002 05:29:49 -0400 (EDT) Delivered-To: 9fans@cse.psu.edu Received: from mercury.bath.ac.uk (mercury.bath.ac.uk [138.38.32.81]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 412A0199BF for <9fans@cse.psu.edu>; Mon, 17 Jun 2002 05:28:18 -0400 (EDT) Received: from news by mercury.bath.ac.uk with local (Exim 3.12 #1) id 17Jsao-0003iI-00 for 9fans@cse.psu.edu; Mon, 17 Jun 2002 10:14:34 +0100 Received: from GATEWAY by bath.ac.uk with netnews for 9fans@cse.psu.edu (9fans@cse.psu.edu) To: 9fans@cse.psu.edu From: Christopher Nielsen Message-ID: <16c222b6.0206141730.352cb2c2@posting.google.com> Organization: http://groups.google.com/ Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit References: Subject: Re: [9fans] tlssrv Sender: 9fans-admin@cse.psu.edu Errors-To: 9fans-admin@cse.psu.edu X-BeenThere: 9fans@cse.psu.edu X-Mailman-Version: 2.0.11 Precedence: bulk Reply-To: 9fans@cse.psu.edu List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu> List-Archive: Date: Mon, 17 Jun 2002 09:14:27 GMT On a related note, tlssrv seems to be aimed at wrapping the server side in tls. In my quest to secure all of my traffic via encrypted connections, I'd like to wrap my vnc connections from my Plan 9 terminal to my FreeBSD server in tls/ssl. There doesn't appear to be anything currently available to do so, unless I'm missing something about tlssrv. It'd be easy enough to teach vncv to speak tls/ssl, but it might be better to solve the problem with a sort of tls/ssl wrapper like stunnel (http://www.stunnel.org/). Options I see: o teach vncv to use tls/ssl o teach tlssrv to behave like stunnel o write a new tool to do what tlssrv does but on the client side I'm thinking that teaching tlssrv to operate this way would be the way to go, but I'd like some feedback on what others think about this before I write the code. Thoughts? -- Christopher Nielsen - Metal-wielding pyro techie "Those who are willing to trade freedom for security deserve neither freedom nor security." --Benjamin Franklin --upas-fgwxsungnquufbtgmlyuowmitq--