A few comments included within...

> -----Original Message-----
> From: James Dabbs [mailto:[EMAIL PROTECTED]]
> Sent: April 28, 2000 5:37 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Proxy or Firewall

..........deleted stuff........

> HTTP over SSL, though, works transparently through almost any proxy.  This
> is because the HTTP client knows that the proxy exists.  It sets an SSL
> session up with the proxy, and tells the proxy to set up a separate SSL
> session with the actual server.  As long as requests are initiated by the
> client, everything is OK.

Perhaps I missed some context in other messages that makes the above
statements correct (and I am probably veering off-topic), but as written
this is not true. HTTP works over SSL thru a proxy transparently because the
client knows that a proxy exists (that much is true), but it DOES NOT set up
an SSL session. The client sends HTTPS via CONNECT which the proxy just
passes on to the end server. Your standard HTTP proxy does not negotiate any
SSL session with either client or server. (That is obvious if you remember
that you do not need an SSL aware proxy - i.e. Apache with mod-ssl or
Apache-SSL - if all you want to do is proxy HTTP or HTTPS requests.) If you
are "reverse-proxying" then the proxy DOES negotiate separate SSL sessions
with client and server, but that is an entirely different bucket of worms and
the client browser doesn't even know that you are using a proxy.


> 
> Proxies are like "internet diodes."  As long as you follow their rules,
> everything is OK.
> 
> James Dabbs
> [EMAIL PROTECTED]
> 
> Director of Engineering
> TGA Technologies, Inc.
> Suite 140, 100 Pinnacle Way
> Norcross, GA 30071
> 
> 770-441-2100 ext 126
> 
> 
> > -----Original Message-----
> > From:       Boyet, Adam C [SMTP:[EMAIL PROTECTED]]
> > Sent:       Thursday, April 27, 2000 4:18 PM
> > To: '[EMAIL PROTECTED]'
> > Subject:    Proxy or Firewall
> > 
> > Is it possible to use Net::SSLeay and OpenSSL to make an SSL request
> > through a proxy or firewall?
> > 
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]

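The CONNECT behaviour described in the reply above, as an added example that is not part of the original thread: a loopback proxy with no SSL code relays a real ClientHello byte for byte to a stand-in end server. The host name `origin.example`, the function names and the shortcut of dialing a local stand-in are assumptions made for the demo.

```python
import contextlib, socket, ssl, threading

def read_until(sock, marker=None):
    """Read until marker appears, or until EOF when marker is None."""
    buf = b""
    while marker is None or marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def client_hello(name):
    """Genuine TLS ClientHello bytes, built in memory (no network, no certificates)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).wrap_bio(incoming, outgoing, server_hostname=name)
    with contextlib.suppress(ssl.SSLWantReadError):
        tls.do_handshake()  # stalls awaiting a ServerHello this demo never supplies
    return outgoing.read()

def run_demo(target="origin.example:443"):  # constructed name, never resolved
    origin_srv = socket.create_server(("127.0.0.1", 0))  # stand-in for the end server
    proxy_srv = socket.create_server(("127.0.0.1", 0))   # plain proxy, no SSL code
    seen = {"hello": client_hello(target.split(":")[0])}
    def origin():
        conn, _ = origin_srv.accept()
        with conn:
            seen["origin"] = read_until(conn)
    def proxy():
        conn, _ = proxy_srv.accept()
        with conn:
            seen["request"] = read_until(conn, b"\r\n\r\n").split(b"\r\n")[0]
            # Demo shortcut: dial the local stand-in rather than the requested host.
            with socket.create_connection(origin_srv.getsockname()) as upstream:
                conn.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n")
                seen["relayed"] = read_until(conn)  # opaque bytes, copied verbatim
                upstream.sendall(seen["relayed"])

    threads = [threading.Thread(target=f) for f in (origin, proxy)]
    for t in threads:
        t.start()
    with socket.create_connection(proxy_srv.getsockname()) as client:
        client.sendall(f"CONNECT {target} HTTP/1.0\r\n\r\n".encode())
        seen["status"] = read_until(client, b"\r\n\r\n").split(b"\r\n")[0]
        client.sendall(seen["hello"])  # from here the client speaks TLS to the end server
    for t in threads:
        t.join()
    origin_srv.close()
    proxy_srv.close()
    return seen
```

The only cleartext the proxy parses is the CONNECT request line; everything after its 200 reply is a TLS record stream it forwards without interpreting.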