Security Basics mailing list archives
Question on appliances that do "decryption" of SSL
From: Ray Van Dolson <rvdolson () gmail com>
Date: Thu, 21 Apr 2011 12:00:17 -0700
Hearing a lot from vendors these days that do "decryption" of SSL (usually in the form of HTTPS presumably). I've been trying to think up how this could be implemented: - Somehow the device has the private key of the remote site being accessed (unlikely for Internet sites) - The device presents a certificate that is "valid" to the browser/client and then transparently proxies on to the "real" site. Am I missing some other method? This would be easy enough to circumvent by removing your "organization" as a trusted CA from your browser... I'd think also this could introduce concerns where an invalid certificate is being used on the "real" site, though obviously the MITM device could relay this back tot he client with a bit of intelligence I suppose. Thoughts? Thanks, Ray ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Question on appliances that do "decryption" of SSL Ray Van Dolson (Apr 25)
- RE: Question on appliances that do "decryption" of SSL David Gillett (Apr 26)
- Re: Question on appliances that do "decryption" of SSL Edd Burgess (Apr 26)
- Re: Question on appliances that do "decryption" of SSL DaKahuna (Apr 27)
- Re: Question on appliances that do "decryption" of SSL Edd Burgess (Apr 26)
- Re: Question on appliances that do "decryption" of SSL Paul Johnston (Apr 26)
- <Possible follow-ups>
- Re: Question on appliances that do "decryption" of SSL kaarthik rm (Apr 27)
- RE: Question on appliances that do "decryption" of SSL David Gillett (Apr 26)