On 02/27/11 1:50 AM, erikmccaskey64 wrote: > > Main question: is it safe, to open a port for an openssl server? > > e.g.: > > server side - generate a self-signed cert. > time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout > mycert.pem -out mycert.pem > openssl s_server -accept 52310 -cert mycert.pem > > Is it secure? - it could be DOSed' [DenialofService] or could it be > attacked in any way? > > Are there any iptables rule for restricting connections to dyndns names? > > e.g.: only allow connection from "asdfasdf.dyndns.com" and > "asdfasdf2.dyndns.com" and "asdfasdf3.dyndns.com"? > any host names used in iptables rules are looked up at the time the rule is created, and if the hostname->IP later changed, the iptables would not be aware of this until the next time they are reloaded. > How could i restrict the openssl server to only accept traffic from > given clients? Please help me "think".. > > Or are there any "production ready" methods, that can do > authentication too? [+using ssl]. > "openssl s_server" and "openssl s_client" would be perfect, but the > problem is it doesn't has username/password auth :\ > aren't those openssl s_server and s_client intended just for testing protocols? If you want to secure an application, you implement ssl in your application via libssl, or you use a vpn tunnel such as openvpn (which uses SSL itself) anyways, the whole idea of SSL is to use certificate based authentication rather than username/password.