Re: SSL traffic via proxy server being 'intercepted'?

From: Thomas Karlsson (thomas.karlsson3@re.ove.telia.com)
Date: 09/16/02


From: Thomas Karlsson <thomas.karlsson3@re.ove.telia.com>
Date: Mon, 16 Sep 2002 20:54:44 GMT

Colin Jones wrote:
> My understanding (which may be wrong!) was that when a browser sets up
> an SSL connection to a server, that they each have their own keys
> which are used to encrypt the traffic. This means that the data
> stream cannot be decrypted by a 'third' browser looking at the traffic
> stream.
>
> We have a problem however, whereby our application (going via Novell
> Bordermanager proxy server), across an SSL connection seems to be able
> to be seen on another user's PC!
>
> i.e. one user logs in and then another user on another PC sees the
> pages that the original user looked at. We can only think that it is
> the proxy which is delivering a cached version of the page, however we
> didn't think that a) SSL pages were cached or b) that the encrypted
> SSL data stream would be able to be displayed on the other browser
> anyway even if it were cached in some way!
>
> Anyone rule out possibilities/suggest anything that could be happening
> with this?
>
> --
> Main Web/ColdFusion server
> The connection is via HTTPS: over an SSL connection.
> The server is set up for single threaded sessions thereby negating any
> possible locking problems with session variables.
> The coldfusion server is set up with the following headers in
> application.cfm:
>
> <CFHEADER Name="Expires" Value="-1">
> <CFHEADER Name="cache-control" Value="no-cache, no-store, must-revalidate">
> <CFHEADER Name="Pragma" Value="no-cache">
>
> Novell Bordermanager Proxy Server
> The proxy server is set not to cache pages from the web server
> address.
>
> IE 5.5 Client PCs
> The client PCs are set not to go via the proxy for the web server
> address by using the exclusions section in the advanced proxy server
> setup.

In normal cases no one can see the ssl-encrypted pages except the user.
I think your problem is that the webserver/webpage are referring to http
and not https. I.e. you connect to the server like
https://www.your.server.com and then in the index.html you have a link
saying http://www.your.server.com/index.html
You can easily spot if the original client (the one that should connect
to https) is using ssl or not by sniffing the network. If the client uses
port 80 then it's wrong :)
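
One way to test the diagnosis in the reply above from the page source rather than from a packet capture, as an added example that is not part of the original post: it lists every reference in a page fetched over HTTPS that sends the browser back to plain HTTP on the same host. The class and function names and the sample HTML are constructed for illustration; `www.your.server.com` is the placeholder host used in the reply.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch or navigate to a URL.
URL_ATTRS = ("href", "src", "action", "background")

class DowngradeFinder(HTMLParser):
    """Collect references that leave HTTPS for plain HTTP on the same host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url                      # changed by <base href>
        self.host = urlsplit(page_url).hostname
        self.findings = []                        # (tag, attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        a = {k: v for k, v in attrs if v}         # names arrive lower-cased
        if tag == "base" and "href" in a:
            self.base = urljoin(self.page_url, a["href"].strip())
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            content = a.get("content", "")        # e.g. "0; url=http://..."
            pos = content.lower().find("url=")
            if pos != -1:
                self._check(tag, "content", content[pos + 4:].strip(" '\""))
        for name in URL_ATTRS:
            if name in a:
                self._check(tag, name, a[name].strip())

    def _check(self, tag, attr, raw):
        # Resolve relative references the way the browser would, then compare.
        target = urlsplit(urljoin(self.base, raw))
        if target.scheme == "http" and target.hostname == self.host:
            self.findings.append((tag, attr, target.geturl()))

def find_downgrades(page_url, html):
    finder = DowngradeFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page; the host is the placeholder used in the reply.
SAMPLE = """<html><body>
<a href="http://www.your.server.com/index.html">Home</a>
<a href="/account.cfm">Account</a>
<form action="http://www.your.server.com/login.cfm" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_downgrades("https://www.your.server.com/", SAMPLE):
        print(f"<{tag} {attr}> -> {url}")
```

Pass the URL the page was actually fetched from as `page_url`, since relative links inherit its scheme and only absolute `http://` references (or a `<base href>` pointing at HTTP) are reported.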


