Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Security of HTTPS

From: <lordchariot () earthlink net>
Date: Tue, 23 Nov 2004 11:00:07 -0500

I wouldn't necessarily call it a MITM attack, but there are some products
out there that intentionally decrypt an SSL connection. These type of
products will take an SSL certificate as presented from the web site, and
re-create a new one on-the-fly to present to the client browser. If the
product's CA cert is loaded into the client, there aren't any certificate
warnings. If not, then most people click through the cert warning anyway
because they don't know any better.

These products are generally used to perform AV scans or Ad-Popup blocking
through an SSL connection. For example, an attachement coming in through an
SSL webmail connection that needs to be virus scanned at the gateway. 

Erik



-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Alex
Bihlmaier
Sent: Friday, November 19, 2004 6:07 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Security of HTTPS

Good Morning.



I am curious how strong the security of https can be.
Is there some possibility of a MITM attack?
Are there any papers out there outlining this aspect of security?



//thalunil



----------------------------------------------------------------
kallisti.de webmail access - email on the road
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: