After some fiddling around with Stunnel on OpenBSD, I got the transparent RDP tunneling inside SSL working. I still need to run some network captures with Ethereal or similar to make sure that the traffic is encrypted, but I don’t see any reason why it won’t be. Overall, the process was a bit easier than I expected. Once I get it better documented, I’ll find an appropriate format in which to distribute the information for others to use in their own networks.
Tags: Encryption, OSS, SSL
As part of my experimentation with OpenBSD 3.7, I’m going to try to set up a way of transparently tunneling RDP (Remote Desktop Protocol, used by Windows Remote Desktop/Terminal Services) inside SSL. I’m thinking that I can use IP aliases and Stunnel to have “ordinary” RDP encapsulated in SSL by Stunnel and then passed off to another instance of Stunnel at the other end. Then, from the RDP client, I just connect to one of the IP aliases and the rest is handled transparently.
When I get it working, I’ll post more details here as well as on the Mercurion Systems web site.
Tags: BSD, Encryption, SSL
I finally managed to get Perdition working. Still unable to confirm if Mac OS X’s Mail.app supports STARTTLS (my experience thus far says No), I had to resort to using Stunnel to wrap IMAP inside an SSL tunnel, then forward the IMAP traffic to Perdition on the same host. The Perdition proxy then passes the traffic to the back-end mail server. It’s not the solution that I really wanted, but it will do for now. At least the Exchange Server 2003 IMAP server isn’t exposed directly to external networks.
On a slightly related note, the Slipstick Systems web site has a link to an IMAP proxy server that implements STARTTLS as a workaround for Exchange’s lack of native support for STARTTLS. The IMAP proxy can be found at http://www.slipstick.com/files/imapproxysvc.zip. So, if you have an IMAP4 client that supports STARTTLS and want to connect it to Exchange, you can use this IMAP proxy. At least, until Microsoft puts STARTTLS support into Exchange directly.
Tags: Encryption, Exchange, IMAP, Messaging, Microsoft, OSS, Security, SSL
In my experiments with Perdition, I learned a couple of very interesting facts. First, the IMAP4 implementation on Exchange Server 2003 does not support the STARTTLS command, as described in RFC 2595 and re-affirmed in RFC 3501. Instead, Exchange expects an SSL session to be established immediately, and then IMAP is spoken. This is similar to the “smtpd_tls_wrappermode” directive that Postfix supports.
Second, it appears that the Mac OS X Mail application (commonly referred to as Mail.app) also uses this IMAP-over-SSL approach, since I’ve been using Mail.app to connect to Exchange using IMAP with SSL for quite some time. I’m trying to confirm that now, but having precious little luck finding any definitive information one way or the other. If anyone knows for certain, please let me know. I’m going to keep searching.
This is one of those things that just makes me crazy.
Tags: Encryption, Exchange, IMAP, Messaging, Microsoft, Security, SSL, Standards
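The two modes discussed in the post above can be told apart from the first bytes on the wire: an IMAP-over-SSL client opens with a TLS ClientHello, while a STARTTLS client sends plaintext IMAP commands first. The sketch below is an added example, not code from the original post; the function names and sample byte strings are constructed for illustration.

```python
import re

def classify_client_opening(data: bytes) -> str:
    """Classify the first bytes an IMAP client sends on a new connection."""
    # TLS record: content type 0x16 (handshake), major version 0x03.
    # SSLv2-format ClientHello: length high bit set, message type 0x01.
    if len(data) >= 3 and (
        (data[0] == 0x16 and data[1] == 0x03)
        or (data[0] & 0x80 and data[2] == 0x01)
    ):
        return "implicit-tls"
    # Otherwise expect IMAP commands: tag SP command [SP args] CRLF
    for line in data.split(b"\r\n"):
        m = re.match(rb"(\S+) (\S+)", line)
        if not m:
            continue
        command = m.group(2).upper()
        if command == b"STARTTLS":
            return "starttls"
        if command in (b"LOGIN", b"AUTHENTICATE"):
            return "plaintext-auth"  # credentials sent before any TLS upgrade
    return "unknown"


def server_advertises_starttls(response: bytes) -> bool:
    """True if a CAPABILITY list (response or greeting code) names STARTTLS."""
    m = re.search(rb"CAPABILITY ([^\]\r\n]*)", response, re.IGNORECASE)
    if not m:
        return False
    return b"STARTTLS" in m.group(1).upper().split()


# Constructed sample inputs (not captured from any real client or server).
SAMPLE_TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])
SAMPLE_STARTTLS = b"a001 CAPABILITY\r\na002 STARTTLS\r\n"
SAMPLE_PLAIN_LOGIN = b"a001 LOGIN user secret\r\n"
SAMPLE_CAPS_NO_TLS = b"* CAPABILITY IMAP4 IMAP4rev1 IDLE AUTH=NTLM\r\n"
SAMPLE_CAPS_TLS = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"

if __name__ == "__main__":
    for name, sample in [("tls", SAMPLE_TLS_HELLO), ("starttls", SAMPLE_STARTTLS),
                         ("login", SAMPLE_PLAIN_LOGIN)]:
        print(name, "->", classify_client_opening(sample))
    print(server_advertises_starttls(SAMPLE_CAPS_NO_TLS),
          server_advertises_starttls(SAMPLE_CAPS_TLS))
```

Fed the opening bytes from a packet capture of the client's connection, the first function answers the implicit-SSL-versus-STARTTLS question directly; the second applies to the server's plaintext greeting or CAPABILITY response.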










