Firewall Wizards mailing list archives
Re: Security of HTTPS
From: "Shimon Silberschlag" <shimons () bll co il>
Date: Sun, 28 Nov 2004 16:08:35 +0200
there are some products out there that intentionally decrypt an SSL connection.
Erik,Can you give a list of those products? I'm only familiar with Finjan's Vital security for SSL.
Shimon Silberschlag +972-3-9351572 +972-50-7207130----- Original Message ----- From: <lordchariot () earthlink net>
To: <firewall-wizards () honor icsalabs com> Sent: Tuesday, November 23, 2004 18:00 Subject: RE: [fw-wiz] Security of HTTPS
I wouldn't necessarily call it a MITM attack, but there are some products out there that intentionally decrypt an SSL connection. These type of products will take an SSL certificate as presented from the web site, and re-create a new one on-the-fly to present to the client browser. If the product's CA cert is loaded into the client, there aren't any certificate warnings. If not, then most people click through the cert warning anyway because they don't know any better. These products are generally used to perform AV scans or Ad-Popup blockingthrough an SSL connection. For example, an attachement coming in through anSSL webmail connection that needs to be virus scanned at the gateway. Erik -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Alex Bihlmaier Sent: Friday, November 19, 2004 6:07 AM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Security of HTTPS Good Morning. I am curious how strong the security of https can be. Is there some possibility of a MITM attack? Are there any papers out there outlining this aspect of security? //thalunil ---------------------------------------------------------------- kallisti.de webmail access - email on the road _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs comhttp://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Security of HTTPS, (continued)
- RE: Security of HTTPS Ben Nagy (Nov 23)
- RE: Security of HTTPS Marcus J. Ranum (Nov 27)
- RE: Security of HTTPS Alex Bihlmaier (Nov 27)
- Re: Security of HTTPS Chuck Vose (Nov 27)
- RE: Security of HTTPS Marcus J. Ranum (Nov 27)
- RE: Security of HTTPS lordchariot (Nov 27)
- RE: Security of HTTPS Frank Knobbe (Nov 27)
- Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- Re: Security of HTTPS Frank Knobbe (Nov 28)
- Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- Re: Security of HTTPS Frank Knobbe (Nov 28)
- RE: Security of HTTPS Frank Knobbe (Nov 27)
- RE: Security of HTTPS Ben Nagy (Nov 23)
- Re: Security of HTTPS Kevin Sheldrake (Nov 28)
- Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- RE: Security of HTTPS Servie Platon (Nov 27)
- RE: Security of HTTPS Paul D. Robertson (Nov 27)
- Re: Security of HTTPS Kevin Sheldrake (Nov 27)