RE: SSL over http instead of https



What kind of authentication are the using. If they are using Windows integrated authentication, then the password is sent encrypted.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of winsoc
Sent: Monday, April 07, 2008 3:27 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: SSL over http instead of https

Hi list,
I recently reviewed a web hosting provider, and made the assumption that due
to them not having https that they were not running SSL on their login
screens- therefore exposing credentials in cleartext.
However after reviewing the packets it became apparent that when you entered
the credentials, there was in fact a ssl handshake and the data was in fact
encrypted via sslv3.
Is there any logical reasoning for this- it would appear they use a IIS
webserver for this purpose.

Cheers



Relevant Pages

  • RE: ISA 2006 and SSL
    ... same user can access the site in question by creating an SSL-Tunnel and is ... Microsoft Online Partner Support ... | Subject: RE: ISA 2006 and SSL ... | | rule to allow HTTPS to local host, instead of all http and https ...
    (microsoft.public.isa)
  • Re: RWW with no https
    ... I do not consider a:8080 a url that is appropriate for a SSL end user connection. ... So just so we are all clear, RWW HAS to go over HTTPS. ... Even if I do https but port 8080 would not matter ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot Access Includes Above Current Directory if using SSL
    ... I'm new to your list and configuring Apache with the SSL module enabled ... similar nested levels in directory tree but not SSL). ... within the https directory tree. ... The SSI is mostly for testing trying to figure out why my PHP scripts ...
    (php.general)
  • Cannot Access Includes Above Current Directory if using SSL
    ... I'm new to your list and configuring Apache with the SSL module enabled ... similar nested levels in directory tree but not SSL). ... within the https directory tree. ... The SSI is mostly for testing trying to figure out why my PHP scripts ...
    (php.general)
  • Cannot Access Includes Above Current Directory if using SSL
    ... I'm new to your list and configuring Apache with the SSL module enabled ... similar nested levels in directory tree but not SSL). ... within the https directory tree. ... The SSI is mostly for testing trying to figure out why my PHP scripts ...
    (php.general)