SSL over http instead of https

---

• From: winsoc <winsoc@xxxxxxxxxxxxxx>
• Date: Mon, 7 Apr 2008 20:26:33 +0100

---

Hi list,
I recently reviewed a web hosting provider, and made the assumption that due
to them not having https that they were not running SSL on their login
screens- therefore exposing credentials in cleartext.
However after reviewing the packets it became apparent that when you entered
the credentials, there was in fact a ssl handshake and the data was in fact
encrypted via sslv3.
Is there any logical reasoning for this- it would appear they use a IIS
webserver for this purpose.

Cheers

---

• Follow-Ups:
  • Re: SSL over http instead of https
    • From: Nick Owen
  • Re: SSL over http instead of https
    • From: Ger Apeldoorn
  • RE: SSL over http instead of https
    • From: Depp, Dennis M.

• Prev by Date: RE: Programmable USB device that can send keystrokes?
• Next by Date: Re: mirroring cable model traffic
• Previous by thread: SQL Slammer (Sapphire Worm) Frequency?
• Next by thread: RE: SSL over http instead of https
• Index(es):
  • Date
  • Thread

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)