| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403261525.i2QFPEas011168@bilbo.localnet>
From: borisv at lk.net (Boris Veytsman)
Subject: Message - Banner's Styles
SH> From: Sebastian Herbst <pz@...chozapp.de>
SH> Date: Fri, 26 Mar 2004 11:44:26 +0100
SH> the only advise you will get on a SECURITY mailing list is:
SH> DO NOT USE TELNET!
I disagree.
>From man telnetd on debian:
-z SSL-parameter
This option is only valid if telnetd has been built with SSL
(Secure Socket Layer) support.
debug Enable SSL related debugging.
ssl Negotiate SSL at first, then use telnet proto-
col. In this mode telnetd only accepts connec-
tions from SSL enhanced telnet with option -z
ssl
nossl, !ssl
switch off SSL negotiation
certsok Look username up in /etc/ssl.users. The format
of this file is lines of this form:
user1,user2:/C=US/..... where user1 and user2
are usernames. If client certificate is valid,
authenticate without password.
certrequired
client certificate is mandatory
secure Don't switch back to unencrypted mode (no SSL)
if SSL is not available.
verify=int Set the SSL verify flags (SSL_VERIFY_* in
ssl/ssl.h ).
cert=cert_file
Use the certificate(s) in cert_file.
key=key_file
Use the key(s) in key_file.
cipher=ciph_list
Set the preferred ciphers to ciph_list. (See
ssl/ssl.h ).
I think -z secure is OK.
--
Good luck
-Boris
Its name is Public Opinion. It is held in reverence. It settles everything.
Some think it is the voice of God.
-- Mark Twain
Powered by blists - more mailing lists