Firewall Wizards mailing list archives

Re: Application Proxy/L7 Firewall Recommendation?


From: Carson Gaspar <carson () taltos org>
Date: Thu, 05 Sep 2002 16:20:38 -0400



--On Thursday, September 05, 2002 2:34 PM +0200 Balazs Scheidler <bazsi () balabit hu> wrote:

> And yes, SSL means that you can peek into decrypted SSL streams. (URL
> filtering in HTTPS, anyone?) You can limit CONNECT, or stack in a
> decrypting HTTPS proxy within the CONNECT method to prevent instant
> messengers from going through your firewall.

I'm glad to see that someone finally did this. I'd be interested in how the certificate spoofing is done, and what (if any) performance optimizations (such as spoofed cert caching) have been implemented. I did a design for this back in 1995 or so, but my employers decided not to implement it.

--
Carson
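As an added illustration of the "limit CONNECT" control discussed in the quoted message (example code written for this archive page, not from either poster or from any product): a proxy policy check that only admits CONNECT to port 443 and then verifies that the first bytes the client pushes into the tunnel really form a TLS ClientHello, so that non-TLS clients cannot simply ride through the firewall inside a CONNECT tunnel. The port policy, hostnames and sample byte strings are constructed assumptions.

```python
# Added example: CONNECT policy enforcement for an HTTP proxy.
# 1) Only allow CONNECT to an approved port list (here: 443).
# 2) Peek at the first bytes sent into the tunnel and require a TLS
#    ClientHello, which blocks plaintext protocols tunnelled over CONNECT.
import re

ALLOWED_CONNECT_PORTS = {443}  # assumed site policy: HTTPS only via CONNECT

# Request line: "CONNECT host:port HTTP/1.x" (headers may follow)
_REQ_LINE = re.compile(
    rb"^CONNECT\s+(?P<host>[^\s:]+):(?P<port>\d{1,5})\s+HTTP/1\.[01]\r?\n"
)


def parse_connect(request: bytes):
    """Return (host, port) for a well-formed CONNECT request, else None."""
    m = _REQ_LINE.match(request)
    if not m:
        return None
    port = int(m.group("port"))
    if not 0 < port < 65536:
        return None
    return m.group("host").decode("ascii"), port


def connect_allowed(request: bytes) -> bool:
    """Policy decision: well-formed CONNECT to an approved port only."""
    parsed = parse_connect(request)
    return parsed is not None and parsed[1] in ALLOWED_CONNECT_PORTS


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """Check the first bytes of the tunnelled stream for a TLS ClientHello.

    TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
    2-byte record length; the handshake header then starts with 0x01
    (ClientHello).  Anything else is not a TLS client speaking first.
    """
    if len(first_bytes) < 6:
        return False
    rec_type, ver_major, ver_minor = first_bytes[0], first_bytes[1], first_bytes[2]
    rec_len = int.from_bytes(first_bytes[3:5], "big")
    handshake_type = first_bytes[5]
    return (rec_type == 0x16 and ver_major == 0x03 and ver_minor <= 0x03
            and rec_len > 0 and handshake_type == 0x01)


# Constructed sample inputs (not captured traffic).
GOOD_REQ = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
IM_REQ = b"CONNECT im.example.net:5190 HTTP/1.1\r\n\r\n"   # IM port, denied
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2A, 0x01]) + b"\x00" * 41
NOT_TLS = b"<stream:stream xmlns='jabber:client'>"         # plaintext XMPP
```

A real proxy would apply these checks in order: reject the request before opening the upstream connection, then close the tunnel if the first client bytes fail the ClientHello check.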

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

