[CentOS] opened OpenSSL port

erikmccaskey64

erikmccaskey64 at zoho.com
Sun Feb 27 09:50:21 UTC 2011


Main question: is it safe, to open a port for an openssl server? 


e.g.:


server side - generate a self-signed cert.
time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem
openssl s_server -accept 52310 -cert mycert.pem


Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way?


Are there any iptables rule for restricting connections to dyndns names?


e.g.: only allow connection from "asdfasdf.dyndns.com" and "asdfasdf2.dyndns.com" and "asdfasdf3.dyndns.com"?


How could i restrict the openssl server to only accept traffic from given clients? Please help me "think"..


Or are there any "production ready" methods, that can do authentication too? [+using ssl].
"openssl s_server" and "openssl s_client" would be perfect, but the problem is it doesn't has username/password auth :\


Thank you for any help.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110227/e8c42dc1/attachment.html>


More information about the CentOS mailing list