Re: Security warning: Netscape 4.0x https & Squid 1.2beta proxy

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Fri, 17 Jul 1998 16:44:32 -0600 (MDT)

On Sat, 18 Jul 1998, Henrik Nordstrom wrote:

> If you are using Squid 1.2beta and Netscape 4.x then you MUST use
> different server names for your HTTP and Security (SSL) proxy. This is
> due to a bug in Netscape 4.0x that may cause https requests to be sent in
> plain text to a Squid 1.2beta proxy server.

I am not sure if it was the same bug or not, but I have seen Netscape 4.04
on FreeBSD 2.2.5 sending https requests in plain text as well. The site was
using framesets, had the same name for both secure and insecure servers, and
the bug was not "stable" but certainly reproducible. The connection was
through Squid 1.2.

So much for SSL security.

Alex.
Received on Fri Jul 17 1998 - 15:46:37 MDT
