Using Ncat to Provide SSL Support to Non-SSL-Capable Software

Fri 21 August 2009 Category: Uncategorized

Sometimes people use software that does not support encrypted connections over SSL. Ncat can provide SSL support to such a client. Ncat is part of Nmap, the famous port scanner.

The main principle is that the non-SSL-capable software does not connect to the SSL-based service directly, but to the local host. Ncat listens on the local host and sets up an SSL connection with the SSL-based service on behalf of the non-SSL-capable software.

This simple command allows an application to browse to port 80 and perform regular HTTP requests, while in fact they are encapsulated within an SSL connection:

ncat -l 80 -c "ncat (ip-address) (port) --ssl"

The -l option specifies the local port on which the SSL tunnel listens. The ip-address and port refer to the SSL-based service.

So if the client connects to 127.0.0.1 on port 80, it actually connects through the SSL tunnel to the external service.
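The principle above, written out as an added Python example (not code from the original post): a plaintext listener bound explicitly to 127.0.0.1 that relays each client over a TLS connection whose certificate and host name are verified. The function names, local port 8080 and example.org:443 are assumptions chosen for illustration.

```python
import select
import socket
import ssl
import threading

def make_tls_context(cafile=None):
    """Client context that verifies the certificate chain and the host name."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def open_listener(port):
    """Plaintext listener bound to loopback only, so other hosts cannot use it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(16)
    return srv

def relay(client, upstream):
    """Copy bytes in both directions until either side closes."""
    with client, upstream:
        while True:
            ready, _, _ = select.select([client, upstream], [], [])
            for src in ready:
                data = src.recv(65536)
                if not data:
                    return
                (upstream if src is client else client).sendall(data)

def serve(listener, host, port, ctx):
    """Accept local clients; relay each over its own verified TLS connection."""
    while True:
        client, _ = listener.accept()
        try:
            raw = socket.create_connection((host, port), timeout=10)
            upstream = ctx.wrap_socket(raw, server_hostname=host)  # handshake here
            upstream.settimeout(None)
        except OSError as exc:  # covers ssl.SSLCertVerificationError
            print(f"not relaying: {exc}")
            client.close()
            continue
        threading.Thread(target=relay, args=(client, upstream), daemon=True).start()

if __name__ == "__main__":
    # Constructed values: local port 8080, service example.org:443.
    serve(open_listener(8080), "example.org", 443, make_tls_context())
```

With Ncat itself, the corresponding choices are giving -l a listen address (for example 127.0.0.1) and adding --ssl-verify to the connecting side.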

Often stunnel is used for this job, but this software craps out on Debian Etch with some error like:

SSL routines:SSL3_GET_RECORD:bad decompression

But ncat is an excellent alternative.
