Re: ssl proxy, non-browser client


Enzo Michelangeli (em@who.net)
Wed, 17 Mar 1999 08:33:41 +0800


Generally, HTTPS is proxied using a protocol described in the IETF draft
"draft-luotonen-web-proxy-tunneling-01.txt":
http://search.ietf.org/internet-drafts/draft-luotonen-web-proxy-tunneling-01.txt
Basically, the client opens a plain TCP connection to the proxy server and
issues the command:

CONNECT some.secure.server:443 HTTP/1.0

The proxy obliges by opening a TCP connection to the requested target, replies

200 Connection established

and stitches the two connections together, so that the client may start a
normal SSL handshaking directly with the target server without any
involvement of the proxy either in authentication or encryption.
Authentication during the initial phase can be handled using some mechanism
specific to HTTP (e.g., Basic Authentication). This is described in the
draft I mentioned.
Anyway, proxying and crypto should be considered quite orthogonal, as
certificates (or other SSL-specific data structures for that matter) are not
parsed or interpreted in any way by the proxy.

Cheers --

Enzo

-----Original Message-----
From: Joe Moll <jmoll@furtive.com>
To: CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Wednesday, March 17, 1999 3:29 AM
Subject: ssl proxy, non-browser client

>Greets:
>
>Anyone have a code example of how to get an SSL connection through an
>authenticating SSL proxy (in this case SQUID, and various Firewalls) to an
>external SSL server? We are developing a non-browser based SSL client, and
>need to use an SSL proxy to make the connection to the SSL server. We can
>authenticate with the proxy and we send the connect string to the proxy,
>but after that we are unable to get the server certificate to come down the
>stream. The code we have works if there is no proxy involved.
>
>We are prob. doing something stupid, any pointers would be appreciated.
>
>
>Best Regards,
>Joe Moll
>
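
The exchange described in the reply above, written out as a Python client. This is an added example, not code from either poster or from the draft; the names `negotiate_tunnel`, `open_tls_via_proxy` and `ProxyError` are hypothetical. It assumes the proxy answers with a full HTTP status line and terminates its reply headers with a blank line, and it reads those headers completely before the TLS handshake starts.

```python
import base64
import socket
import ssl


class ProxyError(Exception):
    """Raised when the proxy does not open the tunnel."""


def negotiate_tunnel(sock, host, port, user=None, password=None):
    """Send CONNECT on a socket already connected to the proxy and consume
    exactly the proxy's reply headers. Returns the status line."""
    if any(c.isspace() for c in host):
        raise ValueError("whitespace in target host")  # no header injection
    request = f"CONNECT {host}:{int(port)} HTTP/1.0\r\n"
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        request += f"Proxy-Authorization: Basic {token}\r\n"
    sock.sendall((request + "\r\n").encode("ascii"))

    # Read one byte at a time up to the blank line, so that nothing belonging
    # to the tunnelled stream is swallowed along with the headers.
    reply = b""
    while not reply.endswith(b"\r\n\r\n"):
        byte = sock.recv(1)
        if not byte or len(reply) > 16384:
            raise ProxyError("no complete reply from proxy")
        reply += byte
    status = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status.split(None, 2)
    if len(parts) < 2 or parts[1] != "200":
        raise ProxyError(f"proxy refused CONNECT: {status}")
    return status


def open_tls_via_proxy(proxy, host, port=443, user=None, password=None):
    """proxy is a (host, port) pair. The TLS handshake runs end to end with
    the target, so the certificate is checked against the target's name."""
    sock = socket.create_connection(proxy, timeout=30)
    try:
        negotiate_tunnel(sock, host, port, user, password)
        return ssl.create_default_context().wrap_socket(
            sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```

Basic credentials travel to the proxy base64-encoded but unencrypted, since the CONNECT request is sent before any TLS exists on the connection.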



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:50