Hi

Yeah, Rockin' and Rollin' thanks again Arne. (At least I hope so, I haven't
gotten around to testing it yet (with Stunnel), and am currently
experiencing the joys of porting my Internet Explorer JavaScript/HTML to
Firefox :-) On the upside, the Applet stuff worked straight away)

Having said that there is a related topic that you might be able to assist
me with though: -

"The TCP/IP Out-of-band character with Java->SSL->Stunnel."

I know Java can't receive OOB data (except inline) but it can send them and
SSLSocket inherits sendUrgentData() so it's vaguely on topic. The problem I
foresee according to the STUNNEL docs is that unless the OOB character is
in-lined then it will just be ignored. Can anyone confirm this?

SSLv3 seems to mandate that the OOB data be supported (as normal data with a
complete SSL wrapper record) but I can't find anything in the OpenSSL
routines that modify (or inform) an SSL_Read() that it's got the OOB; can
anyone confirm this?

At first glance, I just can't see a problem with STUNNEL/OpenSSL unpacking
the OOB byte and passing it on to the in-the-clear connection (with the
option for *both* inline or OOB) but maybe that's just me?

Cheers Richard Maher

PS. I actually find the whole SSL thing a huge fudge and long for the day
when everyone is talking something more transparent like IPSec! (Or other
VPN solution) Still they'll always be the ubiquitous unauthorised browser
client with a dynamic IP address I suppose.

PPS. If you know much about a "SOCKS - Generic *circuit-level* Proxy Server"
I'd be very willing to listen to that too! But the implementations I've seen
(HP-UX at least) seem to deploy SSH in this space with one process/user and
up-front user authorization and other unpleasantness; any thoughts?