7.1-current SSL

Tim timwoj at ieee.org
Sun Nov 21 12:31:10 EST 2004


I'm not entirely sure I see the point of not allowing connections via 
ssl on a per-user basis.  If anything I'd think you'd want it the other 
way around.  We closed down our connections via non-ssl to only server 
connections, but that's simply by not letting the users know what other 
ports they can get to (yes, security through obscurity is bad).

I agree that if this is wanted, it probably belongs in the auth block 
not in a block by itself.

On Nov 21, 2004, at 8:56 AM, Rachel Llorenna wrote:

> There's no point in doing that. I think that the connection would have
> already been accepted by the server before it gets the hostname/identd
> of the connecting user, so the only choice would be to drop them after
> the key exchange and all of that. What would you hope to accomplish by
> dropping people that aren't supposed to be using SSL? Besides, I think
> that kind of stuff belongs in auth {} blocks anyways... ssl = yes;,
> perhaps.
>
> On Sun, 21 Nov 2004 09:37:17 +0100, Mateusz Szczyrzyca
> <annihilator at ircnet.pl> wrote:
>> On Sat, Nov 20, 2004 at 07:36:30AM -0700, Tim wrote:
>>
>>> [cut]
>>
>> Can you add to the patch a separate conf section (e.g. ssl{}) which
>> will have the hosts allowed to connect via ssl?
>>
>> I am thinking of this:
>>
>> ssl {
>>         user = "host1";
>>         user = "host2";
>>         user = "host3";
>>         ...
>> };
>>
>> --
>> -> Best regards <-
>> -> mateusz[]magellan.net.pl ; JID: mateusz at jabber.atman.pl ; GG: 1005520
>> -> IRC Server: krakow.ircnet.pl, channels: #help, #polska, #linux, #ircd,
>> -> as Annihilator
>>
>
>
> -- 
> Regards,
>
> Rachel Llorenna (frequency)
