Article delegate-en/4690 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Delegate SSL <-> delegate <-> ftp server
09 Dec 2009 06:56:33 GMT "Hanard Xavier (DTSBE)" <pkijabdyi-qjyh54lybnxr.ml@ml.delegate.org>


> Hello,
> 
> Here the facts> ...> 
> 
> We use Delegate 8.9.6 with a modified SSL way routine. Modification was done in order to doucle check the client certificate loaded into our LDAP.
> Systems runs AIX 6.0
> 
> The configuration is as follow.
> 
> 1) Delegate into DMZ run as the entry point for customer, SSL enabled, IP filtered, passive mode only. This one is a proxy to the 2)
> 2) Delegate into LAN run as an entry point for trusted client, SSL not used, outgoing connection restricted to port range. This one is a proxy to an Intrastore Server which is in fact the real FTP server.
> 
> Working everything without SSL from internet is perfect so it validate the port range, firewall and routing configurations.
> 
> Enabling SSL give problems. The logging phase work perfect, the IP filtering seems to be ok too.
> Making an LS command, or any command which initiare a DATA channel transfert fail.
> 
> The result message from our client specify a SSL Handshake fail.
> When the system renegociate the SSL for the DATA transfert is seems that it does it with the LAN server> ...>  We are not sure to understand exactly what it is going there.
> So, can you help us? Did you already have see this king of configuration/problem combination?
> 
I've tried with the Master, Proxy, tcprelay solution but i can't establish this communication the way i'd like to.

> Why don't we use the latest version of Delegate? 
> - The one we have is here crashfree proofed! (regards!) 
> - We have develloped an SSLway for our needs and the incorporated SSL will give us new work to adapt.
> - At least we weren't able to compile any verions of Delegate after the 8..9.6 on our AIX here. Even the latest 9.9.5 (each time we have a stop compilation with "not linkable object"> ...> )
> 
> 
> 
> Hanard Xavier
> IT System Engineer @ Dexia Technology Services
> Network Security - Identity Management
> Tel: +000000000f Gsm: +3000000000F
> SecureEDI Public Folder E-Mail: secureedi.be@dexia..
> E-mail: xavier.hanard@dexia..
> P  Please consider your environmental responsibility before printing this e-mail
> 
-------------------------------------------------------------------------
My e-mail address has been harmonized into @dexia.com !
Please remember to update your contact list.

Veuillez noter que mon adresse e-mail est harmonisée en @dexia.com !
N'oubliez pas de mettre à jour votre liste de contacts.

Meine E-Mailadresse wurde harmonisiert zu @dexia.com
Vergessen Sie nicht Ihre Kontaktadresse anzupassen.

Mijn e-mailadres is geharmoniseerd naar @dexia.com.
Vergeet niet uw contactenlijst aan te passen.
-------------------------------------------------------------------------
Dexia disclaimer:
http://www.dexia.com/maildisclaimer.htm
-------------------------------------------------------------------------


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V