Proxy, SSL, and CONNECT simple questions

Hi,
  Most corporate users are obviously behind a proxy and a firewall.
How do they make SSL connections to outside web servers (on port 443)?
Do all HTTP proxy servers support the CONNECT method? Or do the
corporates have the firewall open port 443 to everyone so that they
can directly connect (without going through the proxy)? Or are there any
other possibilities?

I have also another question about the CONNECT method. If I connected
to the HTTP proxy server and used the CONNECT method, in theory do I
have a TCP connection to a server outside the firewall? For example,
if there was an FTP server outside the firewall that was set up to
listen on port 443 (just assume), could I use the CONNECT server to
send and receive FTP commands using the CONNECT method? Because I don't
think the CONNECT method actually checks if it is "SSL" encrypted data
that is flowing through.

Thanks,
Steve
Reply user00 9/7/2003 5:05:03 AM

[ Followup-To set, please reduce cross-posting ]

Steve <user00@hotmail.com> wrote:
> Hi,
>   Most corporate users are obviously behind a proxy and a firewall.
> How do they make SSL connections to outside web servers (on port 443)?
> Do all HTTP proxy servers support the CONNECT method? Or do the
> corporates have the firewall open port 443 to everyone so that they
> can directly connect (without going through the proxy)? Or are there any
> other possibilities?

Usually HTTPS goes through the proxy but isn't cached by the proxy,
as it makes no real sense. But it's hard to tell without knowing anything
about the LAN, just a wild guess.

> I have also another question about the CONNECT method. If I connected
> to the HTTP proxy server and used the CONNECT method, in theory do I
> have a TCP connection to a server outside the firewall? For example,
> if there was an FTP server outside the firewall that was set up to
> listen on port 443 (just assume), could I use the CONNECT server to
> send and receive FTP commands using the CONNECT method? Because I don't
> think the CONNECT method actually checks if it is "SSL" encrypted data
> that is flowing through.

You might be out of luck; there should be a firewall in front of the
proxy. Many newer firewalls are able to look into the data stream;
they will notice if it isn't SSL and deny/log the traffic.
Perhaps someone will soon be asking you what you are actually
trying... Again, just a wild guess...

-- 
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for 
inconvenience, but I get tons of SPAM
Reply Michael 9/7/2003 7:48:14 AM


Michael Heiming wrote:
> [ Followup-To set, please reduce cross-posting ]
> 
> Steve <user00@hotmail.com> wrote:
> 
>>Hi,
>>  Most corporate users are obviously behind a proxy and a firewall.
>>How do they make SSL connections to outside web servers (on port 443)?
>>Do all HTTP proxy servers support the CONNECT method? Or do the
>>corporates have the firewall open port 443 to everyone so that they
>>can directly connect (without going through the proxy)? Or are there any
>>other possibilities?
> 
> 
> Usually HTTPS goes through the proxy but isn't cached by the proxy,
> as it makes no real sense. But it's hard to tell without knowing anything
> about the LAN, just a wild guess.
> 
> 
>>I have also another question about the CONNECT method. If I connected
>>to the HTTP proxy server and used the CONNECT method, in theory do I
>>have a TCP connection to a server outside the firewall? For example,
>>if there was an FTP server outside the firewall that was set up to
>>listen on port 443 (just assume), could I use the CONNECT server to
>>send and receive FTP commands using the CONNECT method? Because I don't
>>think the CONNECT method actually checks if it is "SSL" encrypted data
>>that is flowing through.
> 
> 
> You might be out of luck; there should be a firewall in front of the
> proxy. Many newer firewalls are able to look into the data stream;
> they will notice if it isn't SSL and deny/log the traffic.
> Perhaps someone will soon be asking you what you are actually
> trying... Again, just a wild guess...

   Yes, a proxy could look at the non-encrypted parts of the SSL 
handshake. However, I've sent traffic that could not be mistaken for SSL 
to port 443 through at least one proxy using CONNECT, so they don't all.

--Mike Amling

Reply nospam21 (11322) 9/7/2003 2:03:56 PM
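The check Mike describes, as an added example that is not code from the thread or from any proxy product: a proxy or firewall inspecting the plaintext TLS record and ClientHello headers of the first client bytes in a CONNECT tunnel, and flagging anything else as plaintext. It goes slightly beyond the thread by also accepting the SSLv2-compatible hello format that clients of that era still sent; the sample inputs are constructed.

```python
"""Sanity-check the first client bytes flowing through a CONNECT tunnel.

Only the TLS record header and the ClientHello header are sent in the clear,
so this is all a proxy or firewall can inspect without terminating TLS.
Assumed helper for illustration; not code from any proxy product.
"""

TLS_HANDSHAKE = 0x16   # record content type
CLIENT_HELLO = 0x01    # handshake message type


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if `data` starts with a plausible SSL 3.0 / TLS ClientHello record."""
    if len(data) < 11:
        return False
    rec_type, ver_major, ver_minor = data[0], data[1], data[2]
    rec_len = int.from_bytes(data[3:5], "big")
    if rec_type != TLS_HANDSHAKE or ver_major != 0x03 or ver_minor > 0x04:
        return False
    if rec_len < 4 or rec_len > 16384:   # 2^14 is the maximum plaintext record
        return False
    if data[5] != CLIENT_HELLO:
        return False
    # client_version inside the ClientHello must also be SSL 3.x / TLS 1.x
    return data[9] == 0x03 and data[10] <= 0x04


def looks_like_sslv2_compat_hello(data: bytes) -> bool:
    """SSLv2-style ClientHello (high bit set on the 2-byte length, message
    type 1) that 2003-era clients used to advertise SSL 3.0 / TLS 1.0."""
    return (len(data) >= 5 and (data[0] & 0x80) != 0
            and data[2] == 0x01 and data[3] == 0x03)


def classify_tunnel_prefix(data: bytes) -> str:
    """'tls' for a TLS/SSL hello, 'plaintext' for anything else that is
    long enough to judge, 'insufficient' while more bytes are still needed."""
    if looks_like_tls_client_hello(data) or looks_like_sslv2_compat_hello(data):
        return "tls"
    if len(data) < 11:
        return "insufficient"
    return "plaintext"


# Constructed sample: start of a TLS ClientHello (TLS 1.0 record framing,
# client_version TLS 1.2, followed by the 32-byte client random).
SAMPLE_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0xC8,
                             0x01, 0x00, 0x00, 0xC4,
                             0x03, 0x03]) + b"\x00" * 32
# Constructed sample: an FTP command in the clear, as in the thread's example.
SAMPLE_FTP_COMMAND = b"USER anonymous\r\n"
```

This only validates the opening bytes of the tunnel, so it is the sanity check Mike mentions rather than a guarantee about everything that follows.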

Michael Amling <nospam@nospam.com> wrote:
....
>    Yes, a proxy could look at the non-encrypted parts of the SSL 
> handshake. However, I've sent traffic that could not be mistaken for SSL 
> to port 443 through at least one proxy using CONNECT, so they don't all.

I didn't mean the proxy; there are firewalls able to look at the traffic
and log/drop the connection if it's not allowed.

-- 
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for 
inconvenience, but I get tons of SPAM
Reply USENET22 (5462) 9/7/2003 8:03:37 PM
