RE: Proxy or Firewall

David Lang Fri, 28 Apr 2000 11:03:18 -0700
-----BEGIN PGP SIGNED MESSAGE-----

I just went through the research nessasary to program this. what actually
happens is that the client connects to the http proxy, tells the http
proxy where it wants to connect to, then after it is connected negotiates
the SSL connection. At this point the proxy shifts into a
"passthrough" mode and can no longer see the contents of the connection. 

The SSL is one session from end to end.

David Lang


 On Fri, 28 Apr 2000, James Dabbs wrote:

> Date: Fri, 28 Apr 2000 07:36:42 -0400
> From: James Dabbs <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: Proxy or Firewall
> 
> Generally speaking, use of "raw" SSL through a proxy requires special setup
> changes in the proxy itself.  Depending on the environment, this may also
> require a security waiver from the MIS department in charge of the proxy and
> a security screen on the endpoints in question.
> 
> HTTP over SSL, though, works transparently through almost any proxy.  This
> is because the HTTP client knows that the proxy exists.  It sets an SSL
> session up with the proxy, and tells the proxy to set up a seperate SSL
> session with the actual server.  As long as requests are initiated by the
> client, everything is OK.
> 
> Proxies are like "internet diodes."  As long as you follow their rules,
> everything is OK.
> 
> James Dabbs
> [EMAIL PROTECTED]
> 
> Director of Engineering
> TGA Technologies, Inc.
> Suite 140, 100 Pinnacle Way
> Norcross, GA 30071
> 
> 770-441-2100 ext 126
> 
> 
> > -----Original Message-----
> > From:       Boyet, Adam C [SMTP:[EMAIL PROTECTED]]
> > Sent:       Thursday, April 27, 2000 4:18 PM
> > To: '[EMAIL PROTECTED]'
> > Subject:    Proxy or Firewall
> > 
> > Is it possible to use Net::SSLeay and OpenSSL to make a SSL request
> > through
> > a proxy or firewall.
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQEVAwUBOQm+vT7msCGEppcbAQF3CQf/Zf193EIMZ0H8wDiEC453MR86ceKdxl6c
SBkDLvoa7RBv+C7Txh6NJFBBTzMuMFgg79KFBHxp/mf1pBPPCOc3FEQS1or7YWkj
+K/GFtUv7zzW1PNaBtmuvr2CEU9MO+fio4TTE04wHZngFr95qVuC/I8s8pMKGp8H
4wky9+XdtE/QPK7uStnBdsR2omMXvYnmoTOMtRbsRUBrzl2phOF8QZrXV1ONB/h4
ZRAmtBrpoy7Vyq5o1jJ46ccaon6c0m7zcz96IxCOaT4Bhq0GoMbZbFTj6/ntp22I
gbAXFmg1s9GzIu2SiFwvZyswQ8oyfZ9ykn7IVmh1Rgf3JEYCyv9fRA==
=jknO
-----END PGP SIGNATURE-----

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: Proxy or Firewall

Reply via email to
