Re: SSL question
From: Eric Chamberlain (telogix@hotmail.com)
Date: 06/08/02
- Next message: Allen Harkleroad - Microsoft MVP: "Re: Mail link scan"
- Previous message: x y: "Re: tiny personal firewall"
- In reply to: J. v.d. Bovenkamp: "SSL question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Eric Chamberlain" <telogix@hotmail.com> Date: Sat, 8 Jun 2002 14:16:09 -0700
"J. v.d. Bovenkamp" <joostb__@sps.nl> wrote in message
news:OoMO08hDCHA.1548@tkmsftngp02...
> first of all, this post probably won't belong in this NG, posted it in
some
> other NG's, but hey, you never know, right?
>
> OK, here it goes, starting with the situation:
>
> I have made a Web Service with .NET remoting classes, which is running
under
> IIS. It has some methods which are accessible by some client applications.
> These methods will return immediatly so the client can do some other
stuff.
> The information is returned in the form of events, which can happen at any
> time. I have developed this web service with the use of SSL in my head, so
> SSL will encrypt this information (WMI information). now i am at the point
> of testing the web service with SSL enabled. So i installed an SSL
> certificate on the Web Server, created a test site, checked if the data
was
> really encrypted with a packet analyser, and indeed it was encrypted.
>
> Now i enabled SSL on the virtual directory containing my web service,
almost
> everything works well. When calling a method on the web service, all data
> gets encrypted (pulling data from the web server/service), when analysing
> the packets, the data goes through port 443 and everything goes well.
> But the events which are pushing data out from the Web Service to the
client
> isn't encrypted. the data isn't sent over port 443.
> It seems that when a client initiates a request, this request is
encrypted,
> and within this request, the result (pulling data) is also encrypted. But
> when the server initiates a data request (pushing data) to the cliënt,
this
> data isn't encrypted.
>
> So my question is why this behaviour? is this normal? and is it possible
to
> disable this behaviour so all data in a single session is encrypted
(pulled
> or pushed)
> what i know of SSL, that it should work on all data sent between client
and
> server within a single session.
>
This is normal behavior. If you want to use the client initiated SSL sessio
n for server traffic, you will have to hold the connection open and send
your results back over that connection. If your server is initiating a new
session/network connection to the client, the client would have to run a SSL
server of it's own for the requests.
Another option would be to use IPSec, then all the traffic between the two
machines could be encrypted, regardless of who initiated the connection.
-- -- Eric Chamberlain CISSP, CCNA, CCDA, MCSE, CCA
- Next message: Allen Harkleroad - Microsoft MVP: "Re: Mail link scan"
- Previous message: x y: "Re: tiny personal firewall"
- In reply to: J. v.d. Bovenkamp: "SSL question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
