Security Basics mailing list archives

Re: filter ssl traffic

From: "Vladimir B. Kropotov" <slyman2000 () mail ru>
Date: Thu, 27 Nov 2003 15:37:45 +0300


----- Original Message -----
From: "Burton M. Strauss III" <BStrauss () acm org>
To: <security-basics () securityfocus com>
Cc: "Vladimir B. Kropotov" <slyman2000 () mail ru>; "zidan"
<zidan00 () fastmail fm>
Sent: Monday, November 24, 2003 11:42 PM
Subject: RE: filter ssl traffic

What you might want to do is create an ssl proxy. Then users create an ssl
connection to the proxy and the proxy creates a connection to the remote
site.  That gives the proxy machine visibility of the unencrypted data.

Don't know if such a beast exists as freeware - search the web for
'transparent ssl proxy' - you'll find some interesting reading and a
commercial product or two that might meet your needs.


-----Burton


I think it's look like a some kind of man-in-the-middle attack.  You Must
Use Users PRIVATE keys to emplement this. It means you violate the ideology
in that kind of cryptography.


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

filter ssl traffic zidan (Nov 17)
- Re: filter ssl traffic Vladimir B. Kropotov (Nov 24)
  - RE: filter ssl traffic Burton M. Strauss III (Nov 25)
    - Re: filter ssl traffic Phil Brammer (Nov 25)
    - Re: filter ssl traffic Vladimir B. Kropotov (Nov 27)
    - Re: filter ssl traffic Byron Sonne (Nov 27)
    - RE: filter ssl traffic Corey Scott (Nov 28)
- RE: filter ssl traffic Keith Chng (Nov 28)