Re: SSL reverse proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 29 May 2000 17:03:52 +0200

vectro@pipeline.com wrote:

> Why couldn't the proxy perform a man-in-the-middle attack on the
> connection?

By definition the proxy is a man-in-the-middle if it decrypts the data
stream. However, in view of SSL the proxy is the endpoint in such cases,
so in fact it is not...

Note that the proxy can only decrypt the data stream if it knows the
private SSL key for the domain name. If it doesn't, then the SSL channel
will fail identifying the server, and the browser brings up a notice
dialog telling the fact.

--
Henrik Nordstrom
Squid hacker
Received on Mon May 29 2000 - 09:32:21 MDT
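
Added illustration, not part of the original message: the two checks the reply describes, reproduced with the openssl CLI for an origin server and a proxy. The hostnames are constructed, self-signed certificates stand in for CA-issued ones (chain validation is left out), and signing a random challenge is a simplified stand-in for the key proof in the SSL handshake.

```shell
#!/usr/bin/env bash
# Constructed example: hostnames and file names are illustrative only.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_identity NAME: create a private key and a self-signed certificate for NAME
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# name_matches CERT_NAME HOST: does the certificate issued to CERT_NAME cover HOST?
name_matches() {
    openssl x509 -in "$WORK/$1.crt" -noout -checkhost "$2" | grep -q "does match"
}

# proves_possession KEY_NAME CERT_NAME: sign a fresh challenge with KEY_NAME's
# private key, then verify it with the public key taken from CERT_NAME's certificate
proves_possession() {
    openssl rand -hex 32 > "$WORK/challenge"
    openssl x509 -in "$WORK/$2.crt" -noout -pubkey > "$WORK/pub.pem"
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/sig" "$WORK/challenge" &&
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/sig" \
        "$WORK/challenge" 2>/dev/null | grep -q "Verified OK"
}

# verdict HOST KEY_NAME CERT_NAME: what a client asking for HOST would conclude
verdict() {
    if name_matches "$3" "$1" && proves_possession "$2" "$3"; then
        echo accepted
    else
        echo rejected
    fi
}

make_identity www.example.test     # the site's key and certificate
make_identity proxy.example.test   # the proxy's own key and certificate

echo "proxy holds the site's key and cert:  $(verdict www.example.test www.example.test www.example.test)"
echo "proxy shows site cert, lacks its key: $(verdict www.example.test proxy.example.test www.example.test)"
echo "proxy shows its own cert and key:     $(verdict www.example.test proxy.example.test proxy.example.test)"
```

Only the first case is accepted, which is the reverse-proxy setup where the proxy is the SSL endpoint for the domain; the other two are the failed server identification that produces the browser notice.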
