Implement Telnet STARTTLS Option #113

Open
myonara opened this issue Aug 10, 2024 · 2 comments · May be fixed by #125
Labels
backend This issue is specific to the backend

Comments

@myonara
Contributor

myonara commented Aug 10, 2024

Description:
Implement support for the Telnet STARTTLS option to enable encrypted communication between the client and server using TLS (Transport Layer Security). STARTTLS initiates a secure TLS handshake over an existing Telnet connection, ensuring data confidentiality and integrity. This option is essential for protecting sensitive information and providing secure authentication in Telnet sessions.

Details:

  1. Option Code: 46

  2. Functionality:

    • The client requests encryption by sending IAC DO STARTTLS to the server.
    • If the server supports encryption, it responds with IAC WILL STARTTLS, confirming the STARTTLS request.
    • Following the negotiation, both sides initiate a TLS handshake to establish an encrypted session.
    • Once the handshake is complete, all further communication is encrypted.

  3. Expected Workflow:

    • The client sends IAC DO STARTTLS to request TLS encryption.
    • Upon receiving IAC WILL STARTTLS from the server, the client initiates a TLS handshake.
    • Both client and server transition to encrypted communication upon successful completion of the handshake.

  4. Acceptance Criteria:

    • The client successfully negotiates STARTTLS with the server.
    • TLS handshake completes without errors, establishing a secure channel.
    • All data following the handshake is encrypted.

References:

@myonara myonara added backend This issue is specific to the backend frontend This issue is specific to the frontend labels Aug 10, 2024
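
The negotiation described in the issue above, as an added example in JavaScript for Node.js that is not part of the issue or the project's code: a client-side check that fails closed instead of continuing in plaintext when the server refuses STARTTLS or sends unencrypted bytes before the handshake. `startTlsRequest` and `classifyReply` are hypothetical names, the command bytes are the standard ones from RFC 854, and the fail-closed policy is an assumption.

```javascript
// Added example (not the project's code): fail-closed handling of the server's
// reply to IAC DO STARTTLS, following the flow described in the issue.
const IAC = 255, DO = 253, WONT = 252, WILL = 251, SB = 250, SE = 240; // RFC 854
const STARTTLS = 46; // option code given in the issue

// Bytes the client sends first: IAC DO STARTTLS.
const startTlsRequest = () => Buffer.from([IAC, DO, STARTTLS]);

// Hypothetical helper. Scans the plaintext bytes received after the request and
// returns { action: "upgrade" | "abort" | "wait", reason, deferred }, where
// `deferred` lists other option negotiations to answer only after encryption.
function classifyReply(buf) {
  const deferred = [];
  let i = 0;
  while (i < buf.length) {
    if (buf[i] !== IAC) return { action: "abort", reason: "plaintext data before TLS", deferred };
    if (i + 1 >= buf.length) break;                // lone IAC: need more bytes
    const cmd = buf[i + 1];
    if (cmd === IAC) return { action: "abort", reason: "plaintext data before TLS", deferred };
    if (cmd === SB) {
      // Skip a whole subnegotiation (simplified: ignores escaped IAC inside it).
      const end = buf.indexOf(Buffer.from([IAC, SE]), i + 2);
      if (end === -1) break;
      i = end + 2;
      continue;
    }
    if (cmd < WILL) { i += 2; continue; }          // two-byte command such as NOP
    if (i + 2 >= buf.length) break;                // option byte not received yet
    const opt = buf[i + 2];
    i += 3;
    if (opt !== STARTTLS) { deferred.push([cmd, opt]); continue; }
    if (cmd === WONT) return { action: "abort", reason: "server refused STARTTLS", deferred };
    if (cmd !== WILL) return { action: "abort", reason: "unexpected STARTTLS command", deferred };
    // Anything after WILL arrived unencrypted; never carry it into the TLS session.
    if (i < buf.length) return { action: "abort", reason: "bytes pipelined after WILL STARTTLS", deferred };
    return { action: "upgrade", reason: "server confirmed STARTTLS", deferred };
  }
  return { action: "wait", reason: "STARTTLS not answered yet", deferred };
}
```

A caller should bound the `wait` state with a timeout and close the connection when it expires, since a reply that never arrives must not lead to a plaintext session.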
@mystiker
Collaborator

mystiker commented Nov 3, 2024

Regarding the STARTTLS option: This option is intended to negotiate an SSL/TLS connection after an unencrypted session has already been established. However, we have decided not to support this option. Instead, we require that the client initiates a TLS connection directly from the start, without negotiating encryption mid-session. This approach provides a more secure and straightforward connection setup, and it aligns better with our architecture.

To configure a direct TLS connection, we are using environment variables to control this setup, ensuring that all client connections are secured from the beginning.

@mystiker
Collaborator

mystiker commented Nov 3, 2024

I tested it and it works out of the box with the current code base - no changes needed.

Issue can be closed as is.

@mystiker mystiker linked a pull request Nov 4, 2024 that will close this issue
@mystiker mystiker changed the title telnet option STARTTLS Implement Telnet STARTTLS Option Nov 4, 2024
@mystiker mystiker removed the frontend This issue is specific to the frontend label Nov 23, 2024