IDS mailing list archives

Re: SSL and IPS (was RE: ssh and ids)


From: Wouter Clarie <rimshot () pandora be>
Date: Thu, 1 Jul 2004 19:58:55 +0200 (CEST)

On Wed, 30 Jun 2004, Michael H. Warfield wrote:

      The files are ready.

      You can let me know what the URL was that was requested.  You can
readily extract the server name from the cert.  The rest will come from
the decrypted session.

[snip]

      You now have everything you claim to need.  Send me back the URL
and the html text of the page.  I want to see this.  I'll be truly
impressed if you can do what you claim to do.

I think you made a mistake. This session does not use DH, it uses
TLS_RSA_WITH_RC4_128_MD5, so you don't even need the certificate.

This was the request:

    GET /kudzu/ HTTP/1.1
    Host: www.cryptolinux.org
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive

Reply:

    <HTML><HEAD>
    <TITLE>CyrptoLinux - LinuxCryto - Cryptography on Linux</TITLE>
    <META name="description" content="Welcome to CryptoLinux.  This is a resource
    site for all thing cryptographic on Linux.">
    <META name="keywords" content="Linux, Cryptography, Cryptographic, Linux OS,
    Linux operation system">
    </HEAD>
    <BODY BACKGROUND=/backgrounds/paper/blue_paper.gif BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" ALINK="#FF0000" VLINK="#551A8B">
    <img src="/crypto_tux_l.gif" align=left>
    <img src="/crypto_tux_r.gif" align=right>
    <Center>

Etc...

Regards,

Wouter Clarie
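
Whether a sensor holding the server's RSA private key can decrypt a captured session passively depends on the key exchange of the suite the server picked: RSA key transport, as in the TLS_RSA_WITH_RC4_128_MD5 session above, or ephemeral DH. The following is an added example, not part of the original message, that reads the chosen suite from a ServerHello record; the function names, the subset of suites in the table and the sample records are constructed for illustration.

```python
import struct

# IANA cipher-suite code points -> (name, key exchange); small illustrative subset.
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RSA"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0016: ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "DHE"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite chosen in a TLS record that starts with a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 2:
        raise ValueError("first handshake message is not ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if len(hello) < hlen or hlen < 38:  # version(2)+random(32)+sid_len(1)+suite(2)+comp(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]                # skip version, random and session id
    if off + 3 > hlen:
        raise ValueError("session id overruns ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def classify(record: bytes) -> tuple:
    """Return (suite name, key exchange, uses RSA key transport)."""
    suite = server_hello_suite(record)
    name, kx = SUITES.get(suite, ("unknown 0x%04X" % suite, "unknown"))
    # RSA key transport: the premaster secret is encrypted to the server key, so a
    # sensor holding that private key can derive the session keys from a capture.
    return name, kx, kx == "RSA"

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample record (TLS 1.0, all-zero random), not a real capture."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += struct.pack("!HB", suite, 0)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    for s in (0x0004, 0x0033):
        print(classify(build_server_hello(s, bytes(32))))
```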
