7.1-current SSL
Tim
timwoj at ieee.org
Sun Nov 21 12:31:10 EST 2004
I'm not entirely sure I see the point of not allowing connections via
ssl on a per-user basis. If anything I'd think you'd want it the other
way around. We closed down our connections via non-ssl to only server
connections, but that's simply by not letting the users know what other
ports they can get to (yes, security through obscurity is bad).
I agree that if this is wanted, it probably belongs in the auth block
not in a block by itself.
On Nov 21, 2004, at 8:56 AM, Rachel Llorenna wrote:
> There's no point in doing that. I think that the connection would have
> already been accepted by the server before it gets the hostname/identd
> of the connecting user, so the only choice would be to drop them after
> the keyexchange and all of that. What would you hope to accomplish by
> dropping people that aren't supposed to be using SSL? Besides, I think
> that kind of stuff belongs in auth {} blocks anyways... ssl = yes;,
> perhaps.
>
> On Sun, 21 Nov 2004 09:37:17 +0100, Mateusz Szczyrzyca
> <annihilator at ircnet.pl> wrote:
>> Dnia Sat, Nov 20, 2004 at 07:36:30AM -0700, Tim napisał(a):
>>
>>> [cut]
>>
>> Can you add into patch separate section conf (e.g. ssl{}) which
>> will has hosts allow connect via ssl?
>>
>> I think about this:
>>
>> ssl {
>> user = "host1";
>> user = "host2";
>> user = "host3";
>> ...
>> };
>>
>> --
>> -> Best regards <-
>> -> mateusz[]magellan.net.pl ; JID: mateusz at jabber.atman.pl ; GG:
>> 1005520
>> -> IRC Server: krakow.ircnet.pl, channels: #help, #polska, #linux,
>> #ircd,
>> -> as Annihilator
>>
>
>
> --
> Regards,
>
> Rachel Llorenna (frequency)
More information about the hybrid
mailing list