STLS=fcl

In older versions, configuring DeleGate as a TLS gateway was somewhat complicated, especially for the FTP protocol, as described in the former document:

    // FTP/FTPS gateway before DeleGate/9.0.1 //
    delegated-older -P990 SERVER=ftp FCL=sslway
    delegated-older -P21 SERVER=ftp CMAP=sslway:FCL:ftp CMAP="sslway -st:FCL:ftp-data"

It was also necessary to run two DeleGate servers to serve FTPS and FTP+AUTH-TLS clients respectively, and the configuration of the latter was a bit complex.

Now both can be realized with a single DeleGate server, like this:

    // FTP/FTPS gateway in DeleGate/9.0.1 and after //
    delegated-newer -P21,990 SERVER=ftp STLS=fcl

Be careful not to use older SSL libraries with vulnerabilities. Using OpenSSL 0.9.7d or later is recommended. For users who have problems building OpenSSL libraries for dynamic linking, I uploaded binary versions for Linux (lib{ssl,crypto}.so.0.9.7), MacOSX (lib{ssl,crypto}.0.9.7.dylib) and Win32 ({ssleay,libeay}32.dll) at ftp://ftp.delegate.org/pub/DeleGate/bin/.

In older versions, building the "sslway" executable was a bit troublesome because the environments in which a program is compiled with SSL libraries are so diverse. From now on, there is no compile-time trouble in making DeleGate a TLS gateway.

In older versions, "sslway", as an external filter program, was invoked every time an SSL connection was made. On every invocation, it initialized the SSL context, retrieved the certificate, and created a session from scratch.

Example 1. How to make gateways from TLS clients to bare protocol:

    delegated STLS=fcl -P443 SERVER=https MOUNT="/* http://wwwServer/*"
    delegated STLS=fcl -P21,990 SERVER=ftp MOUNT="/* ftp://ftpServer/*"
    delegated STLS=fcl -P110,995 SERVER=pop MOUNT="* pop://popServer/*"
    delegated STLS=fcl -P143,993 SERVER=imap MOUNT="* imap://imapServer/*"
    delegated STLS=fcl -P25 SERVER=smtp
    delegated STLS=fcl -P992 SERVER=telnet://telnetServer
    delegated STLS=fcl -Pmmm SERVER=tcprelay://host:nnn

Example 2. How to make gateways from bare protocol client to TLS server:

    delegated STLS=fsv -P80 SERVER=http MOUNT="/* https://wwwServer/*"
    delegated STLS=fsv -P21 SERVER=ftp MOUNT="/* ftps://ftpServer/*"
    delegated STLS=fsv -P110 SERVER=pop MOUNT="* pop3s://popServer/*"
    delegated STLS=fsv -P143 SERVER=imap MOUNT="* imaps://imapServer/*"
    delegated STLS=fsv -P25 SERVER=smtp
    delegated STLS=fsv -P23 SERVER=telnets://telnetServer
    delegated STLS=fsv -Pnnn SERVER=tcprelay://host:mmm

Example 3. An SSL gateway with protocol translation:

    delegated STLS=fcl -P443 SERVER=https \
        MOUNT="/mail/* pop://popserver/*" \
        MOUNT="/news/* nntp://nntpserver/*" \
        MOUNT="/file/* ftp://ftpserver/*" \
        MOUNT="/web/* http://intra/*"
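
An added check, not part of the DeleGate documentation: after starting a client-side gateway such as the "-P21,990 SERVER=ftp STLS=fcl" one above, this Python probe confirms that a port really negotiates TLS, either at connect or after the in-band upgrade command. It assumes that 990, 995 and 993 start TLS at connect and that 21, 110 and 143 upgrade in-band; the names probe, UPGRADE and the host gateway.example are chosen for this example.

```python
import socket
import ssl

# Explicit-upgrade command and the reply prefix that means "start TLS now"
# (FTP: RFC 4217; POP3 and IMAP: RFC 2595). SMTP needs an EHLO first and is omitted.
UPGRADE = {
    "ftp": (b"AUTH TLS\r\n", b"234"),
    "pop": (b"STLS\r\n", b"+OK"),
    "imap": (b"a1 STARTTLS\r\n", b"A1 OK"),
}

def final_line(reply: bytes) -> bytes:
    """Last non-empty line of a reply; earlier lines may be banner text."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    return lines[-1] if lines else b""

def upgrade_accepted(proto: str, reply: bytes) -> bool:
    """True only if the final reply line agrees to switch to TLS."""
    return final_line(reply).upper().startswith(UPGRADE[proto][1])

def read_reply(sock) -> bytes:
    """Read until a full final line arrives (FTP continuation lines are 'NNN-')."""
    buf = b""
    while not buf.endswith(b"\n") or final_line(buf)[3:4] == b"-":
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def probe(host, port, proto, implicit, timeout=5.0):
    """Return the negotiated TLS version, or None if the upgrade was refused.
    implicit=True  : TLS starts at connect (assumed for 990, 995, 993).
    implicit=False : plaintext greeting, then upgrade (assumed for 21, 110, 143).
    Raises ssl.SSLError if the certificate or protocol version is rejected.
    """
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not implicit:
            read_reply(raw)  # greeting
            raw.sendall(UPGRADE[proto][0])
            if not upgrade_accepted(proto, read_reply(raw)):
                return None
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

# Usage against a placeholder host started with -P21,990 STLS=fcl:
#   probe("gateway.example", 21, "ftp", implicit=False)
#   probe("gateway.example", 990, "ftp", implicit=True)
```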