Tue 2012-03-13 at 12:12 -0300, Marcus Kool wrote:
> > A sslbump whitelist is probably desired as well, skipping ssl/tls verification if it's already known the server is an https server.
>
> A whitelist has a security issue
It's not a "bypass" list. An sslbump whitelist in this context means
sites already verified compatible with sslbump, i.e. second connection
to bank.example.com can switch immediately to sslbump mode without
having to verify that bank.example.com is an https site.
Similar to your CONNECT cache.
Regards
Henrik
Received on Tue Mar 13 2012 - 18:43:19 MDT