On Thu, 10 Mar 2022 11:41:15 +0000
Paul Howarth <paul(a)city-fan.org> wrote:
On Thu, 10 Mar 2022 12:26:54 +0100
Vitaly Zaitsev via devel <devel(a)lists.fedoraproject.org> wrote:
> On 10/03/2022 11:55, Alex wrote:
> > May I suggest to leave at least the telnet protocol in curl-minimal
> > for debugging purposes.
>
> Telnet is an extremely vulnerable protocol. It must be disable.
>
> If you need it, you can always install libcurl-full.
I wonder, do you have the "telnet" program installed on your machine(s)?
I'd be surprised if anyone using curl's telnet *client* support wasn't
aware that it was sending plain text over the network, possibly
including any credentials that were being used. A telnet client is,
however, a very useful debugging tool for various other network
protocols, not just the telnet protocol itself. That is, I believe,
what Alex was advocating for, since the curl tool's presence is
well-nigh universal and hence always available for debugging some
network issues.
Thanks Paul, that's exactly my point.
I agree that Telnet should not be offered as a service to the outside world,
but for debugging is it very helpfully.
Let me try to explain what the "telnet://" means for me.
```
With the telnet protocol in curl is a TCP Socket connection created and
therefore can be tested if a TCP connection to a remote destination can be
successful created.
```
Here a example test. I know that this could be also done with https but it's a
understandable example, IMHO.
```
echo -e 'GET / HTTP/1.1\r\nHost:
www.google.com\r\n\r\n'|curl --ipv4 \
-vso /dev/null --ssl --tlsv1.3 telnet://www.google.com:443
* Trying 172.217.19.132:443...
* TCP_NODELAY set
* Connected to
www.google.com (172.217.19.132) port 443 (#0)
* Closing connection 0
```
Paul.
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines List
Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure