Michael Heiming wrote:
> [ Followup-To set, please reduce cross-posting ]
>
> Steve <(E-Mail Removed)> wrote:
>
>>Hi,
>> Most corporate users are obviously behind a proxy and a firewall.
>>How do they make SSL connections to outside web servers (on port 443)?
>>Do all HTTP Proxy servers support the CONNECT method? Or do the
>>corporates have the firewall open port 443 to everyone so that they
>>can directly connect (without going thru the proxy)? Or are there any
>>other possibilties?
>
>
> Usually https goes through the proxy but isn't cached from the proxy,
> as it makes no real sense. But it's hard to tell without knowing any-
> thing about the LAN, just a wild guess.
>
>
>>I have also another question about the CONNECT method. If I connected
>>to the HTTP proxy server and used the CONNECT method, in theory do I
>>have a TCP connection to a server outside the firewall? For example,
>>if there was a ftp server outside the firewall that was setup to
>>listen on port 443 (just assume), could I use the CONNECT server to
>>send and receive FTP commands using the CONENCT method? because I dont
>>think the CONNECT method actually checks if it is "SSL" encrypted data
>>that is flowing through.
>
>
> You might be out of luck, there should be a firewall in front of the
> proxy. Many newer firewalls are able to look into the data stream,
> they will mention if it isn't SSL and deny/log the traffic.
> Perhaps there'll be soon someone asking you, what you are actually
> trying... Again, just a wild guess...
Yes, a proxy could look at the non-encrypted parts of the SSL
handshake. However, I've sent traffic that could not be mistaken for SSL
to port 443 through at least one proxy using CONNECT, so they don't all.
--Mike Amling
|
Similar Threads
Linear Mode
