From owner-freebsd-security Tue Dec 28 6:56: 0 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id E68B015484 for ; Tue, 28 Dec 1999 06:55:54 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id JAA46246; Tue, 28 Dec 1999 09:55:49 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Tue, 28 Dec 1999 09:55:49 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: "Kurt D. Zeilenga" Cc: freebsd-security@freebsd.org Subject: Re: bjorb vs sslproxy vs stunnel In-Reply-To: <3.0.5.32.19991224135854.00948d70@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Don't have any experience with bjorb or stunnel, but I do remember finding that sslproxy doesn't correctly reap fork()'d zombie children, resulting in large numbers of zombies on a production machine. This was a couple of months ago, so it may have been fixed since then, but it wasn't very entertaining. You might also consider SSH for tunneling if you allow users to have accounts on your machine (i.e., SSH requires them to log in before providing tunneling services) -- this is a common arrangement with CVS where they will need to authenticate anyway. I hope to give stunnel a try shortly in the hopes that it is better than sslproxy :-). On Fri, 24 Dec 1999, Kurt D. Zeilenga wrote: > I am looking at using an SSL proxy to provide > privacy protection for a variety of services > including CVS. There are at least three differnet > packages available in the ports collection that > provide SSL tunneling services. > > Does anyone know of or have a decent, up-to-date > comparative review of these packages? > > TIA, Kurt > > ---- > Kurt D. Zeilenga > Net Boolean Incorporated > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message