LinuxQuestions.org
Old 02-06-2009, 05:53 AM   #1
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
Why does TLS port accept both TLS and plain TCP?


Hi all.


I've set up stunnel (i.e. the universal TLS tunnel) listening on port X on a server. It seems to me like the port accepts both TLS connections as well as regular TCP connections (not running under TLS), and I'm not sure why this works.

Does anyone know why both TLS and normal TCP traffic is accepted at this port? I know that TLS is run over TCP in the first place, so I'm guessing it has something to do with this.

Greets,
kenneho
 
Old 02-06-2009, 06:12 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
stunnel can be used in many, many ways; can you show us how you're using it? AFAIR you can configure stunnel to allow plain connections where ideally a TLS encrypted connection is desired.
 
Old 02-06-2009, 08:50 AM   #3
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Original Poster
Rep: Reputation: 40
I'm setting up rsyslog to tunnel syslog-messages via TLS to the loghost.
This is the config file I'm using - found it in the rsyslog documentation:
Code:
; Certificate/key is needed in server mode 
cert = /etc/stunnel/stunnel.pem 

; Some debugging stuff useful for troubleshooting 
debug = 7 
foreground=yes 

[ssyslog] 
accept  = 60514 
connect = 61514
Don't see anything about allowing plain TCP, so I'm guessing it is the default or something.
 
Old 02-06-2009, 10:52 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
So how is this being used?? This is the server side? What is connecting to this?
 
Old 02-08-2009, 08:30 AM   #5
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Original Poster
Rep: Reputation: 40
Ah, I think I've got this the wrong way.... The rsyslog server listens to both rsyslog traffic (TCP) and stunnel traffic, on separate ports naturally. In my tests I directed plain TCP traffic to the rsyslog TCP port, not the stunnel port. That explains why things seemed to work even when I thought I directed TCP traffic to the stunnel port. My bad.
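
Added example, not part of the thread: one way to check which listener actually completes a TLS handshake, so a test aimed at the wrong port is caught early. Ports 60514 and 61514 come from the config posted above; the host 127.0.0.1, the function name probe and the result labels are assumptions.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Return 'tls', 'no-tls-handshake' or 'closed' for host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing accepted the TCP connection
    # Probe-only context: the question is just "does the peer answer a
    # ClientHello?", so certificate checks are off. Do not reuse this
    # context for shipping logs.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw) as tls:
            tls.version()  # handshake already completed inside wrap_socket
        return "tls"
    except OSError:
        # ssl.SSLError, connection resets and timeouts are all OSError.
        # The peer accepted TCP but completed no handshake with this
        # client, e.g. a plain syslog listener that silently swallows the
        # ClientHello, or a TLS peer offering only protocol versions this
        # Python build refuses.
        return "no-tls-handshake"
    finally:
        raw.close()  # harmless if the TLS wrapper already took over the fd


def main():
    # 60514 is the stunnel 'accept' port and 61514 the 'connect' target in
    # the config from the thread; the host is an assumption.
    for port in (60514, 61514):
        print(port, probe("127.0.0.1", port))


if __name__ == "__main__":
    main()
```

A TCP connect succeeding on both ports is expected, since TLS runs over TCP; only the handshake result tells the two listeners apart.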
 
  

