Firewall Wizards mailing list archives

Re: SSL Vulnerabilities?


From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Thu, 5 Aug 1999 10:01:24 -0700



Our front end firewall is a NT based Gauntlet 5.0
with only the SSL port open to the internet.  Since we are using the built
in SSL/Http-Proxy
...
Our thoughts were to simply disable the proxy and use Packet filtering rules
to manage the communications between the internet and the Webserver over the
SSL port.  Other than the fact that NT is a bad platform to sit your firewalls
on, can anyone think of any reason why this might be a BAD idea?

My impression is that there really isn't anything useful an app proxy can
do with SSL, being that it's encrypted at all.  For the payload, a
packet filter ought to be equivalent.  You do get some automatic protection
with an app proxy in terms of transport headers and such, so if you
switch to a packet filter, make sure the web server's OS has all its patches,
etc.

                         Ryan
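An added illustration of the point made in this reply, not code from the list or from either poster: what a filter or proxy that does not hold the server's private key can still verify about traffic on the SSL port, and where that visibility stops. The record and handshake framing (content type, protocol version, the cipher suites the client offers) is in the clear, so a device can at least confirm that what arrives on port 443 is an SSL/TLS session and not some other protocol; once the handshake is done, application data records are opaque, which is why a packet filter and an application proxy end up roughly equivalent for the payload. All byte strings below are constructed for the demo, not captured traffic, and `build_client_hello`, `parse_record`, and `classify` are names chosen here. SSLv2-style ClientHellos use a different framing and are deliberately not handled.

```python
"""Added example: inspect TLS record/handshake framing without decrypting anything.

Sample inputs are constructed in this file; nothing here is from the list thread.
"""
import struct

# TLS record content types (SSL 3.0 / TLS 1.x framing).
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
HANDSHAKE_CLIENT_HELLO = 1


def build_client_hello(cipher_suites, version=(3, 1)):
    """Construct a minimal ClientHello record (TLS 1.0 framing) as demo input."""
    body = bytes(version)                       # client_version
    body += bytes(32)                           # 32-byte client random (zeros for the demo)
    body += b"\x00"                             # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                         # one compression method: null
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake), version, 16-bit length.
    return bytes([22]) + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(body):
    """Pull the cleartext fields out of a ClientHello body (after the 4-byte handshake header)."""
    client_version = (body[0], body[1])
    pos = 2 + 32                                # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                          # skip session_id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos, pos + suites_len, 2)]
    return {"client_version": client_version, "cipher_suites": suites}


def parse_record(data):
    """Parse one TLS record header; return None if the bytes are not a TLS record.

    Only the framing is checked: a filter can do this much without any key material.
    """
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3 or minor > 3 or len(data) < 5 + length:
        return None
    rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor), "length": length}
    payload = data[5:5 + length]
    if ctype == 22 and length >= 4 and payload[0] == HANDSHAKE_CLIENT_HELLO:
        rec["client_hello"] = parse_client_hello(payload[4:])
    return rec


def classify(data):
    """Label a blob the way a non-decrypting device on port 443 could: TLS framing or not,
    and if TLS, whether the content is still inspectable (handshake) or opaque (app data)."""
    rec = parse_record(data)
    if rec is None:
        return "not-tls"
    if rec["type"] == "application_data":
        return "tls-application-data-opaque"
    return "tls-" + rec["type"]


if __name__ == "__main__":
    hello = build_client_hello([0x002F, 0x000A])          # AES128-SHA, 3DES-SHA
    print(parse_record(hello))
    print(classify(hello))                                 # tls-handshake
    print(classify(b"\x17\x03\x01\x00\x05hello"))          # tls-application-data-opaque
    print(classify(b"GET / HTTP/1.0\r\n\r\n"))              # not-tls
```

The practical reading of the output: the handshake record exposes version and offered cipher suites, which a protocol-aware proxy could sanity-check or log, while the application-data record yields nothing beyond its length, so for the payload itself a port-level packet filter gives the same visibility.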