httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: [PATCH] Make proxy CONNECT work again - Take 1
Date Tue, 31 Mar 1998 01:20:19 GMT
On Tue, 31 Mar 1998, Tim Hudson wrote:

> According to Marc Slemko:
> > But the fact that port 443 _is_ for crypto relates it.  The code doesn't
> > have to be cryto code in itself for export restrictions to apply.
>     You are problems then if you follow that line. I can setup a vhost 
> running on port 443 with the existing config ... does that mean that because
> I can listen on that specific port that the server has crypto hooks? :-)
>     The connect *proxy* has no crypto code in it. It simply forwards port 
> connections.

But vhosts don't come defaulting to 443 and only allowing 443 in a way
that can only be used for crypto.  That is the thing; the CONNECT code has
port 443 and 563 hardcoded so it is obviously designed to _only_ allow
connections to ports for the purposes of talking using crytpo.  

The whole idea is that while a generic something that may be usable as
crytpo "hooks" of some sort is probably ok, a specific something that can
only do things designed to assist in crypto may not be.

Now, because the "hooks" are hooks into _other_ products and not something
that is added to Apache, it may be safe.  I don't know.

>     However I do appreciate the need for USA-based people to be extremely
> cautious in this area.
> Tim.

View raw message