[Chilli] How to put uamport behind SSL?

Gunther Mayer gunther.mayer at googlemail.com
Mon Nov 30 08:01:44 UTC 2009


David Bird wrote:
> Fixed in rev 250. Though, it doesn't do what you outlined. It will
> hijack port 443 and with security error redirect to the captive portal.
> It doesn't do SSL on the UAM port. I suppose it is a straightforward
> feature (perhaps for uamuiport leaving uamport as is).

Would you mind implementing that please? It would take me weeks to do it...

> With that said,
> chilli uses the chap challenge/response style login to secure the
> password. It does reveal a username over plain HTTP, but then again you
> can always use anonymous codes or one-time-passwords.

I know the current setup is secure enough. It's just that almost all of 
the most recent browsers out there give you nasty or at least very 
annoying warnings that some parts of the site are unsecured (http to 
chilli) and explaining security to users using tech talk is of little 
comfort, for a layman at least. On top of that, mixing https with plain 
http makes things really challenging with some JavaScript libraries. 
They all recommend to not mix at all.

> At this point, I
> would use a relay -- chilli already has all the facilities for SSL
> (using openssl at least).
>   

Ok, please explain how I could use "a relay" to achieve what I need.

Am I right that it cannot be made to work with stunnel/matrixtunnel/xrelayd?

Gunther

