Re: SSL proxy server
Why don't you just ssh with port forwarding and only have the webserver
listen locally? This will encrypt all the traffic and you wouldn't have to
worry as much about secureity holes in the web server.
Douglas Blood
----- Original Message -----
From: "Costas Magos" <kmag@lab.epmhs.gr>
To: <debian-security@lists.debian.org>
Cc: <slab@lab.epmhs.gr>
Sent: Monday, May 05, 2003 9:03 AM
Subject: SSL proxy server
> Hello all,
>
> My new problem is not exactly debian-related but is surely
> security-related :-) Anyway, I need desperately your security expertise
> so here it goes:
>
> I am running a proprietary tacacs+ server that comes bundled with its
> own web server used as management interface. The web server is also
> commercial (a netscape server) on which it is nearly impossible to
> enable SSL. As you can imagine, I need to access the web interface
> through SSL..
>
> Is it possible to create an SSL tunnel using stunnel or something
> similar to protect the web transactions? How can this be done? Another
> solution that I am thinking of (and prefer) is setting up a proxy
> apache-ssl server on the same machine (or another machine on the same
> DMZ) so that SSL communication is conducted with the proxy across the
> firewall and unecrypted traffic is confined in the DMZ. Is that
> possible? Can anybody help me in any way with such a configuration?
>
> Thanks all in advance.
>
> Costas Magos
> Ariadne-t Network
> ~kmag
> ------------------------------------------------------------
> Please do not CC me, as I am subscribed to debian-security
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
Reply to: