Http server instead of own server?

Zenny garbytrash at gmail.com
Sat Feb 16 13:06:57 CET 2013


Teddy, thanks for the clarification.

But in the meantime, how secure is the TLS authentication between
remote Mandos clients and the server against the exploits discovered
recently, like the one at http://www.isg.rhul.ac.uk/tls/, and the /.
discussions at
http://it.slashdot.org/story/13/02/06/2337228/researchers-devise-new-attack-techniques-against-ssl
and at
http://tech.slashdot.org/story/11/09/20/1833232/hackers-break-browser-ssltls-encryption ?

Just eager to know how the Mandos server-client architecture prevents
such vulnerabilities?! Thanks again.

On 2/16/13, Teddy Hogeborn <teddy at recompile.se> wrote:
> Zenny <garbytrash at gmail.com> writes:
>
>> > > So, is it possible to use some simple form of connection to the
>> > > "Mandos server", for example with a public basic http server?
>> >
> [...]
>> >
>> > 1. Add "ip=dhcp" to the Linux kernel command line; do this by
>> >    editing the GRUB_CMDLINE_LINUX_DEFAULT setting in your
>> >    /etc/default/grub file; add "ip=dhcp" to the setting.  If DHCP is
>> >    not available for the Mandos client systems, use the syntax
>> >    "ip=1.1.1.2::1.1.1.1", where "1.1.1.2" is the client IP address
>> >    and "1.1.1.1" is the local gateway.
>> >
>> > 2. Add, to the /etc/mandos/plugin-runner.conf file, this line:
>> >
>> > --options-for=mandos-client:--connect=1.2.3.4:1234
>> >
>> >    Replace "1.2.3.4:1234" with the IP address and your chosen port of
>> >    the Mandos server.
>>
>> Thanks Teddy for sharing very useful info, that I have been searching
>> for. Great!
>>
>> BTW, it is a bit confusing, for me at least. You stated to replace
>> the IP with the Mandos server IP, and I guess the change to
>> /etc/mandos/plugin-runner.conf needs to be made on the Mandos
>> client machine, right?
>
> Steps 1 through 3 are on the Mandos client; step 4 is on the Mandos
> server.  Sorry; I should have clarified.
>
>> > 3. Run "update-initramfs -k all -u" to update the initramfs image.
>> >
>> > 4. Configure the Mandos server to use a specific port number by
>> >    uncommenting and editing the "port" setting in /etc/mandos.conf
>> >    on the Mandos server host.
>
> /Teddy Hogeborn
>
> --
> The Mandos Project
> http://www.recompile.se/mandos
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev
>
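
Added example (not part of the original thread and not Mandos project code): a shell check that the quoted steps agree with each other, in particular that the port in the client's --connect option matches the server's "port" setting. It does not cover step 3; the function names, the constructed sample files and the '#' comment handling are assumptions.

```shell
#!/bin/sh
# Added example, not Mandos project code. File paths are arguments so the
# check can be run against copies of the real files.

# Step 1: value of GRUB_CMDLINE_LINUX_DEFAULT from a grub defaults file.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT=//p' "$1" | tr -d "\"'" | tail -n 1
}
# Step 1: succeed if that command line carries an ip= parameter.
has_ip_param() {
    for word in $(grub_cmdline "$1"); do
        case $word in ip=?*) return 0 ;; esac
    done
    return 1
}
# Step 2: ADDRESS:PORT handed to mandos-client through --connect.
# Assumption: lines starting with '#' are comments and are skipped.
connect_target() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*--options-for=mandos-client:.*--connect=\([^[:space:],]*\).*/\1/p' |
        tail -n 1
}
# Step 4: uncommented "port" setting in the server's mandos.conf.
server_port() {
    sed -n 's/^port[[:space:]]*[=:][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}
# Usage: check_mandos_setup GRUB_DEFAULTS PLUGIN_RUNNER_CONF MANDOS_CONF
check_mandos_setup() {
    rc=0
    has_ip_param "$1" || { echo "step 1: no ip= in GRUB_CMDLINE_LINUX_DEFAULT"; rc=1; }
    target=$(connect_target "$2")
    [ -n "$target" ] || { echo "step 2: no --connect option for mandos-client"; rc=1; }
    port=$(server_port "$3")
    [ -n "$port" ] || { echo "step 4: port setting missing or still commented out"; rc=1; }
    if [ -n "$target" ] && [ -n "$port" ] && [ "${target##*:}" != "$port" ]; then
        echo "mismatch: client connects to port ${target##*:}, server uses $port"; rc=1
    fi
    return $rc
}
# Constructed sample files using the values from the steps above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet ip=dhcp"' > "$d/grub"
    printf '%s\n' '--options-for=mandos-client:--connect=1.2.3.4:1234' > "$d/plugin-runner.conf"
    printf '[DEFAULT]\nport = 1234\n' > "$d/mandos.conf"
    check_mandos_setup "$d/grub" "$d/plugin-runner.conf" "$d/mandos.conf"; r=$?
    rm -rf "$d"; return $r
}
demo && echo "sample setup is consistent"
```

On real hosts the first two arguments come from the Mandos client and the third from the Mandos server, so copy /etc/mandos.conf over before running the check.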