[ale] Perl + SSL

Christopher Fowler cfowler at outpostsentinel.com
Wed May 19 09:59:15 EDT 2004


I'll also add that from a data perspective the stuff passed between the
C and Perl code is worthless to anyone but the devices.  There is no
sensitive information there.  I want to implement encryption from a
marketing perspective.  Many IT individuals think that if it is not
encrypted then it is not good.  IMHO that is simply not true.  You pick
encryption based on the value of the data that will be transmitted in
the connection.  For example to go to https://www.usatoday.com vs
http://www.usatoday.com would not warrant the cycles needed on the
server and the client to simply encrypt the contents of today's paper.


On Wed, 2004-05-19 at 09:55, Christopher Fowler wrote:
> The only problem I've experienced with stunnel is when I need to use
> getpeername() to determine who is contacting me.  When stunnel is in the
> middle then it appears as if 127.0.0.1 is the one that I'm talking to. 
> Maybe I've misconfigured it?
> 
> On Wed, 2004-05-19 at 09:44, Fletch wrote:
> > You can use ssl for just encryption, you don't need to go whole hog
> > and use its authentication features as well.  Also consider just
> > passing on implementing the crypto in your software and using stunnel
> > or ssh to pass the traffic.  You're most likely better off using a
> > proven protocol than trying to implement your own even if you use off
> > the shelf algorithms (stop and immediately read Schneier's _Secrets
> > and Lies_ NOW if you haven't already :).
> > 
> > 
> > At any rate, if you still want to do it yourself look at
> > Crypt::SSLeay, Net::SSLeay, and the other Crypt:: modules on CPAN
> > (probably using something like Crypt::Blowfish with Crypt::DH to do
> > key exchange).
> > 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale


