<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1555" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><FONT face="Times New Roman" size=3>Hi
Luis,<BR><BR>Thanks for the detailed reply!<BR><BR>> Ok, been reading. The
short answer is no.<BR><BR>Oh well :-( I guess that's what IPsec's
for.<BR><BR>> The longer answer is SSL doesn't support OOB data, so that's
why<BR>> not. I did read your post saying you've read specs where it says
it<BR>> does, but I could find no such. Take a look at RFC4346, section
6.2<BR>> </FONT><A
href="http://tools.ietf.org/html/rfc4346#page-14"><FONT face="Times New Roman"
size=3>http://tools.ietf.org/html/rfc4346#page-14</FONT></A><BR><BR><FONT
face="Times New Roman" size=3>> Take a look also at this
thread:<BR>> </FONT><A
href="http://www1.ietf.org/mail-archive/web/tls/current/msg01041.html"><FONT
face="Times New Roman"
size=3>http://www1.ietf.org/mail-archive/web/tls/current/msg01041.html</FONT></A><BR><BR><FONT
face="Times New Roman" size=3>Doesn't that thread suggest that OOB functionality
is part of the SSLv3<BR>standard? Is version three one of those "yet to be"
standards that is still<BR>a long way off? Renamed TLS? (I found several RFCs
dealing with this, anyone<BR>know which is the relevant one? I couldn't find
"Urgent", "OOB" or "band" in<BR>4346)<BR><BR>My understanding (imagination
maybe) is that the OOB character is to be<BR>packaged up as a single byte record
surrounded with the SSL wrapper with a<BR>bit set that says it's the OOB
character. I would now like stunnel just to<BR>dequeue it from SSL and then set
the MSG_OOB flag and replay it to the<BR>application port. So it's sort of
quasi-OOB to Stunnel and then true-OOB to<BR>the receiving port.<BR><BR>> The
argument (almost) in full:<BR>> - SSL doesn't define anything like OOB data
in its streams, so<BR>> anything we did in stunnel would be an extension, and
not<BR>> interoperable. And, anyways, would have to be done in openssl and
not<BR>> in stunnel, I think.<BR><BR>I must be confused about what's
available (the only SSL code I've cut is<BR>simple Java client stuff) 'cos I'm
sure I've seen patch-comments that say<BR>something like "make sure stunnel
handles OOB data correctly" and isn't<BR>there some sort of OOB INLINE
configuration parameter. Is there really<BR>northing available after the
SSL_Read that identifies the data as an OOB<BR>character?<BR><BR>Anyway, thanks
again for the reply.<BR><BR>Cheers Richard Maher<BR><BR>PS. Does anyone out
there know of a lower-level version of Stunnel (or<BR>something else) that
spoofs the originating host-address when replaying the<BR>connection on the
local server? It sure would be useful for client<BR>identification, and for
reducing DoS attacks!<BR><BR>----- Original Message ----- <BR>From: "Luis
Rodrigo Gallardo Cruz" <</FONT><A href="mailto:rodrigo@nul-unu.com"><FONT
face="Times New Roman" size=3>rodrigo@nul-unu.com</FONT></A><FONT
face="Times New Roman" size=3>><BR>To: <</FONT><A
href="mailto:stunnel-users@mirt.net"><FONT face="Times New Roman"
size=3>stunnel-users@mirt.net</FONT></A><FONT face="Times New Roman"
size=3>><BR>Sent: Tuesday, September 18, 2007 9:14 AM<BR>Subject:
[stunnel-users] Relaying OOB data [Was: A series of minor<BR>patchesfrom
Debian]<BR><BR><BR>> _______________________________________________<BR>>
stunnel-users mailing list<BR>> </FONT><A
href="mailto:stunnel-users@mirt.net"><FONT face="Times New Roman"
size=3>stunnel-users@mirt.net</FONT></A><BR><FONT face="Times New Roman"
size=3>> </FONT><A
href="http://stunnel.mirt.net/mailman/listinfo/stunnel-users"><FONT
face="Times New Roman"
size=3>http://stunnel.mirt.net/mailman/listinfo/stunnel-users</FONT></A><BR></FONT></DIV></BODY></HTML>