[sslh] Timed out connections (default protocol)

Nicolai Ehemann en at enlightened.de
Tue Jul 17 13:35:13 CEST 2012


Hello,

I use sslh to let a https server and a reverse vnc server share port
443 (https is obvious, the vnc is for providing support to
roadwarriors who connect from foreign corporate networks where ports
beside 443 may be filtered). No ssh in my use case. So my config looks
like this:

protocols:
(
     { name: "vnc-reverse"; host: "192.168.89.20"; port: "443"; probe: [ "RFB 003.016" ]; },
     { name: "ssl"; host: "srv-mail"; port: "443"; probe: [ "" ]; }
);

Basically, everything works fine. Especially, I never had any problems
with vnc connections. However, from time to time (and from yesterday
to today around a few dozen times) I get connections on the vnc server
that are not a vnc client (the server pops up error messages on these,
lamenting about wrong protocol).
I suspect these are https/ssl connections that cannot get identified
as "not vnc" in time, and thus go to the default protocol.

Obviously, I would like to have these connections go to the https
server. Unfortunately, with the need of placing ssl protocol last and
specifying default protocol by putting it first, this is currently not
possible.

At first glance, I see two options of supporting my scenario
(better): first, allow to specify another but the first protocol as
default protocol, or second, allow to disable the timeout, so not
matching connections go to the last defined protocol immediately.

The first idea appears to be more flexible, but has the drawback that
the currently elegant configuration by order has to be given up. The
second appears to fit better into my scenario, and might boost
connection speed where a default protocol is not needed. However, both
do not have to be mutually exclusive.

What do you think? Yves, do you consider implementing one of these?

Thank you

Kind regards,

Nicolai Ehemann
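
Added example, not part of the original post and not sslh's own code: a small Python model of the dispatch the post describes, where the first matching probe wins and a connection that sends nothing before the timeout goes to the first entry. The function names, the 0.2 s timeout and the `on_timeout` parameter (standing in for the proposed configurable default) are assumptions.

```python
import select
import socket

# Constructed model of the rule table from the post: order matters, the first
# entry doubles as the timeout default, and the empty probe matches anything.
PROTOCOLS = [
    ("vnc-reverse", b"RFB 003.016"),
    ("ssl", b""),
]


def choose_backend(conn, protocols=PROTOCOLS, timeout=0.2, on_timeout=0):
    """Return the name of the protocol entry a new connection is sent to.

    on_timeout is the index used when no bytes arrive in time; 0 models the
    behaviour the post describes, any other value models the proposed option.
    """
    readable, _, _ = select.select([conn], [], [], timeout)
    if not readable:
        return protocols[on_timeout][0]      # nothing to probe yet
    first = conn.recv(64, socket.MSG_PEEK)   # peek so the backend still sees the bytes
    for name, probe in protocols:
        if first.startswith(probe):          # b"" matches everything
            return name
    return protocols[on_timeout][0]


def simulate(first_bytes, **kwargs):
    """Open a local socket pair, optionally send first_bytes, and classify."""
    client, server = socket.socketpair()
    try:
        if first_bytes:
            client.sendall(first_bytes)
        return choose_backend(server, **kwargs)
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    tls_hello = b"\x16\x03\x01\x00\x2f\x01"   # constructed TLS record header
    print(simulate(b"RFB 003.016\n"))         # vnc-reverse
    print(simulate(tls_hello))                # ssl
    print(simulate(None))                     # vnc-reverse (silent client)
    print(simulate(None, on_timeout=-1))      # ssl (proposed default)
```

In this model any peer that connects and stays silent past the timeout, whether a slow TLS client or a port scanner, reaches the backend listed first.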
