Re: Java Applet Client for STUNNEL-fronted server



Hi

> I posted some SSLSocket code in your next question, so I assume
> all is set here.

Yeah, Rockin' and Rollin' thanks again Arne. (At least I hope so, I haven't
gotten around to testing it yet (with Stunnel), and am currently
experiencing the joys of porting my Internet Explorer JavaScript/HTML to
Firefox :-) On the upside, the Applet stuff worked straight away)

Having said that there is a related topic that you might be able to assist
me with though: -

"The TCP/IP Out-of-band character with Java->SSL->Stunnel."

I know Java can't receive OOB data (except inline) but it can send them and
SSLSocket inherits sendUrgentData() so it's vaguely on topic. The problem I
foresee according to the STUNNEL docs is that unless the OOB character is
in-lined then it will just be ignored. Can anyone confirm this?

SSLv3 seems to mandate that the OOB data be supported (as normal data with a
complete SSL wrapper record) but I can't find anything in the OpenSSL
routines that modify (or inform) an SSL_Read() that it's got the OOB; can
anyone confirm this?

At first glance, I just can't see a problem with STUNNEL/OpenSSL unpacking
the OOB byte and passing it on to the in-the-clear connection (with the
option for *both* inline or OOB) but maybe that's just me?

Cheers Richard Maher

PS. I actually find the whole SSL thing a huge fudge and long for the day
when everyone is talking something more transparent like IPSec! (Or other
VPN solution) Still there'll always be the ubiquitous unauthorised browser
client with a dynamic IP address I suppose.

PPS. If you know much about a "SOCKS - Generic *circuit-level* Proxy Server"
I'd be very willing to listen to that too! But the implementations I've seen
(HP-UX at least) seem to deploy SSH in this space with one process/user and
up-front user authorization and other unpleasantness; any thoughts?

"Arne Vajhøj" <arne@xxxxxxxxxx> wrote in message
news:468b173a$0$90270$14726298@xxxxxxxxxxxxxxxxxx
> Richard Maher wrote:
>> Is my question so ambiguous that nobody wants to answer it?
>
> I posted some SSLSocket code in your next question, so I assume
> all is set here.
>
> Arne
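
Added example, not part of the original post: the plain-TCP behaviour behind the question above, shown in Python over loopback with no stunnel or SSL involved. A reader that does not set SO_OOBINLINE never sees the urgent byte in its normal stream; the payload bytes and the function name `relay_read` are constructed for illustration.

```python
import select
import socket


def relay_read(oob_inline: bool):
    """Send b"ab", urgent b"!", b"cd" over loopback.

    Returns (bytes seen by ordinary recv(), byte fetched with MSG_OOB or None).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    conn, _ = listener.accept()
    listener.close()
    if oob_inline:
        # Deliver the urgent byte in sequence with the normal data.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_OOBINLINE, 1)

    client.sendall(b"ab")
    # TCP-level operation behind java.net.Socket.sendUrgentData().
    client.send(b"!", socket.MSG_OOB)
    client.sendall(b"cd")
    client.close()

    urgent = None
    if not oob_inline:
        # Urgent data is reported as an exceptional condition, not as readable data.
        _, _, exceptional = select.select([], [], [conn], 5)
        if exceptional:
            urgent = conn.recv(1, socket.MSG_OOB)

    stream = b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            break
        stream += chunk
    conn.close()
    return stream, urgent


if __name__ == "__main__":
    print("not inline:", relay_read(False))
    print("inline:    ", relay_read(True))
```

A forwarder that only copies what ordinary reads return would pass on the first stream, which is why the inline setting decides whether the byte survives the hop.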

