httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [PATCH] Make proxy CONNECT work again - Take 1
Date Mon, 30 Mar 1998 21:59:19 GMT
On Mon, 30 Mar 1998, sameer wrote:

> 	No, I don't think it is. It's not crypto, its not hooks to
> crypto, and its not technical assistance in the creation of crypto.

It is hooks to allow the use of crypto through the server. What is the
difference between this and having hooks to talk to a "SSL proxy" that
would be a separate program which took SSL requests from clients, changed
them into http requests to the local server and then changed responses
back?  Neither of them are hooks to put crypto in the same server, both
are hooks to let crypto be used by clients somehow.

It isn't clear, but IANAL and IANACE and I'm not in the US.


> 
> > On Mon, 30 Mar 1998, Martin Kraemer wrote:
> > 
> > > On Sun, Mar 29, 1998 at 12:54:58AM -0800, Dean Gaudet wrote:
> > > > > Proxy CONNECT broke a while ago (and nobody even noticed?!?).
> > > > 
> > > > Well I can't work on CONNECT, can I?  That's ssl crap isn't it?  :) 
> > > 
> > > No and yes. When I have a client in the inTRAnet and want to get out
> > > to a server in the inTERnet, connecting to, say,
> > > 
> > >     https://banking.bank24.de/
> > > 
> > > then the client will use whatever "security proxy" is configured (say:
> > > an apache-1.3b6 with proxy feature enabled) and issue a request...
> > > 
> > >     CONNECT banking.bank24.de:443 HTTP/1.0
> > > 
> > > The apache in question has no idea what the SSL deal is all about,
> > > it simply connects to (in my situation: the upstream firewall
> > > proxy on port 80, else: ) the requested server on the requested
> > > port.
> > > 
> > 
> > Except it is damn obvious that it is designed for SSL because it says it
> > is for SSL, the standard says it is for SSL, and it only allows it on SSL
> > (well, SSL NNTP or SSL) ports.
> > 
> > I think this is probably in violation of US export regulations.  
> > 
> 
> 
> -- 
> Sameer Parekh					Voice:   510-986-8770
> President					FAX:     510-986-8777
> C2Net
> http://www.c2.net/				sameer@c2.net
> 



Mime
View raw message