You want the truth? I caught one major firewall vendor in a big lie over
this one. Their so-called proxy was nothing more than a transparent
connection, yet when I asked them if I put a telnet daemon on another
machine on port 443, if their proxy would block it, they said it would. I,
of course, tried it; it didn't. They backpedaled, saying there wasn't
anything they could check because it's all encrypted. I countered that the
hello sequences and the public key exchange sequences were all in clear
text.
On Wednesday, March 08, 2000 2:58 PM, Groth, Daniel
[SMTP:[EMAIL PROTECTED]] wrote:
>
> Probably a silly matter, but:
>
> I have always been amazed about SSL in regards of HTTP servers weaknesses.
> Are there any firewalls that can do content analysis on an SSL stream?
>
> I suppose the firewall cannot grab the key exchange but something as simple
> as the header can be analyzed to check if it actually is SSL and not a telnet
> stream. Are any firewalls doing that?
>
> -Daniel
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
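
The check debated in this thread, as an added example (not code from either poster or from any firewall vendor): classify the first bytes a client sends on port 443 by the clear-text SSL hello framing. The function name and the sample byte strings are constructed for illustration.

```python
import struct

MAX_RECORD = 2 ** 14  # largest plaintext record length SSLv3/TLS allows

def classify_client_opening(data: bytes) -> str:
    """Classify the first client bytes seen on a port expected to carry SSL."""
    if len(data) < 6:
        return "need-more-data"
    # SSLv3/TLS record header: content type, version major/minor, length.
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == 0x16 and major == 0x03 and minor <= 0x04:
        # Handshake record; its first message must be ClientHello (type 1).
        if 0 < rec_len <= MAX_RECORD and data[5] == 0x01:
            return "ssl3-tls-client-hello"
        return "not-ssl"
    # SSLv2-format hello: 2-byte length with the high bit set, message type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        if len(data) < 11:
            return "need-more-data"
        body_len = ((data[0] & 0x7F) << 8) | data[1]
        version, cs_len, sid_len, ch_len = struct.unpack("!HHHH", data[3:11])
        # The declared field lengths must add up to the record body length.
        lengths_ok = body_len == 9 + cs_len + sid_len + ch_len
        if (version == 0x0002 or version >> 8 == 0x03) and lengths_ok:
            return "ssl2-client-hello"
    return "not-ssl"

# Constructed sample openings (truncated to the bytes the check reads).
SAMPLES = {
    "tls hello": bytes.fromhex("160301002f0100002b0301"),
    "sslv2-format hello": bytes.fromhex("802e010300001500000010"),
    "telnet option negotiation": bytes.fromhex("fffd18fffd20fffd23"),
    "plain http": b"GET / HTTP/1.0\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:28s} -> {classify_client_opening(raw)}")
```

A match only shows that the opening bytes are framed like a hello; it says nothing about what is carried once the session is encrypted.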