[stunnel-users] some thoughts of add ftp server proxy support to stunnel4. comments required
Brian Hatch
bri at stunnel.org
Fri Jul 29 06:11:45 CEST 2005
> Any suggestions will be appreciated.
Not that they're nice suggestions:
1) don't use Stunnel for something as already broken as
ftp. If you must use ftp w/ ssl support, get an ssl
enabled ftp server, such as proftpd.
2) ssl-protected ftp is not going to work through firewalls
nicely because the firewall can't inspect the packets
to re-write the IP addresses, or allow the ephemeral
ports, so you're stuck hoping they have a permissive
outbound firewall, you've got dedicated ports open on
your firewall that allow anything from anyone without
restriction and your ftp server is hard coded to use
only ephemeral ports in that range, and that the client
uses passive ftp only because active just plain won't work.
3) ftp icky. icky icky icky icky.
--
Brian Hatch "So, how did you find about all of this?"
Systems and "I'm ... a telepath ... Work it out."
Security Engineer
http://www.ifokr.org/bri/
Every message PGP signed
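
Point 2 of the message above, as an added illustration that is not part of the original post: a firewall's FTP helper has to read the `PORT` command or `227` passive reply on the control channel to learn which data port to open and which address to rewrite, and it finds nothing to read once that channel is wrapped in SSL. The function names, addresses and sample lines below are constructed for the example.

```python
import re

# FTP encodes a data-channel endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed samples: a cleartext passive reply, and the same moment on an
# SSL-wrapped control channel (application-data record header + opaque bytes).
PLAINTEXT_PASV = b"227 Entering Passive Mode (10,0,0,5,195,80)\r\n"
TLS_RECORD = b"\x17\x03\x01\x00\x30" + bytes(48)


def parse_endpoint(line: bytes):
    """Return (ip, port) from a PORT command or 227 PASV reply, else None."""
    if not (line.upper().startswith(b"PORT ") or line.startswith(b"227 ")):
        return None
    m = ENDPOINT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def alg_rewrite(line: bytes, public_ip: str):
    """What a NAT helper does on a cleartext control channel: replace the
    private address with the public one and report the data port to open.
    Returns (line, None) unchanged when no endpoint can be read."""
    ep = parse_endpoint(line)
    if ep is None:
        return line, None
    _, port = ep
    new = f"{public_ip.replace('.', ',')},{port >> 8},{port & 0xFF}".encode()
    return ENDPOINT.sub(new, line, count=1), port


if __name__ == "__main__":
    for label, data in (("cleartext", PLAINTEXT_PASV), ("ssl", TLS_RECORD)):
        rewritten, port = alg_rewrite(data, "203.0.113.7")
        print(label, "-> open port", port, "| rewritten:", rewritten != data)
```

With no port learned from the encrypted channel, the only options left are the ones the message lists: a fixed passive port range opened statically on the firewall, and passive mode on the client.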