AW: [Snort-users] ssh vs stunnel

Matt Kettler mkettler at ...4108...
Tue Jul 1 12:47:08 EDT 2003


At 05:25 PM 7/1/2003 +0200, Jochen Vogel wrote:
>this discussion was started by me.
>
>the answer from joerg was that he uses stunnel and it works just fine.
>
>now i ask about the pros & cons between ssh & stunnel.
>
>why should i use stunnel if i can do the same over an ssh port forwarding?
>what is better with stunnel?
>
>thx

Google is your friend. Found via a search for: stunnel ssh


http://www.monkey.org/openbsd/archive/misc/0306/msg00906.html


>Given the recent security issue with stunnel, I'd favor either the
>native SSL or SSH tunnel for this purpose.

(note: the context of the above quote is regarding MySQL native SSL 
support, vs stunnel vs ssh tunnels.)

One of the recent problems in stunnel boiled down to being vulnerable to 
the RSA timing attack present in OpenSSL.

http://www.securityfocus.com/archive/1/316211

And another vulnerability where stunnel itself had unsafe SIGCHLD handling:

http://www.securityfocus.com/archive/1/306442

Both of those vulnerabilities were this year.




