"POP account for superquote.co.uk" <[EMAIL PROTECTED]> writes:
> To proxy an https the proxy MUST decrypt the message ( or it cannot
> understand the request ), so it MUST be the secure server for the client ( or
> it will not have the key to decrypt ) and then the proxy MUST re-encrypt and
> then become the client for a connection with the remote server.

No. The standard procedure for proxying HTTPS is for the client
to tell the proxy to open a tunnel for uninterpreted data. This
is done with the HTTP CONNECT request. See RFC 2817. This is
also described in "SSL and TLS".

> I hope I have understood your problem and helped, if not - sorry for wasting
> your time.
>
> I'm trying to snoop a secure transaction, using https-proxy-snif.pl from
> Net_SSLeay.pm and I cannot get it to work for requests coming from IE6 on a
> windows client on the local ( private ) network - it works for requests from
> a linux client running on the same machine as the proxy, so the code is
> basically correct. I've written into the newsgroup 2 times, but nobody has
> been able to answer my problem.

If all you want to do is sniff, why not just use ssldump
http://www.rtfm.com/ssldump.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
http://www.rtfm.com/
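
The CONNECT tunnel described in the reply above, as an added example that is not part of the original post or of any project's code: the proxy reads only the request head, answers 200, then copies bytes in both directions without decrypting them. The names `parse_connect`, `tunnel`, `dial` and `demo`, the host `www.example.com`, and the sample record bytes are assumptions constructed for illustration.

```python
import select
import socket
import threading

def parse_connect(head):
    """Return (host, port) from a CONNECT request head; raise ValueError otherwise."""
    parts = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request")
    host, sep, port = parts[1].rpartition(":")
    if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("bad host:port")
    return host, int(port)

def tunnel(client, dial):
    """Serve one CONNECT, then copy bytes both ways without interpreting them."""
    buf = b""
    while b"\r\n\r\n" not in buf:          # the head is the only part the proxy reads
        chunk = client.recv(4096)
        if not chunk or len(buf) > 8192:
            raise ValueError("incomplete request head")
        buf += chunk
    head, _, early = buf.partition(b"\r\n\r\n")
    target = parse_connect(head)
    upstream = dial(*target)               # dial(host, port) is a hypothetical connector
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    upstream.sendall(early)                # bytes that arrived right behind the head
    peers = {client: upstream, upstream: client}
    while True:
        for sock in select.select(list(peers), [], [])[0]:
            data = sock.recv(4096)
            if not data:                   # either side closed: tunnel is done
                return target
            peers[sock].sendall(data)

def demo():
    """Constructed exchange over socketpairs; returns (proxy reply, server bytes, target)."""
    browser, proxy_in = socket.socketpair()
    server, proxy_out = socket.socketpair()
    seen = []
    t = threading.Thread(target=lambda: seen.append(tunnel(proxy_in, lambda h, p: proxy_out)))
    t.start()
    browser.sendall(b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n")
    reply = browser.recv(4096)
    record = bytes.fromhex("160301000401000000")  # constructed TLS-record-shaped bytes
    browser.sendall(record)
    got = server.recv(4096)
    browser.close()
    t.join()
    return reply, got, seen[0]
```

The only cleartext the proxy handles is the `host:port` in the request line, which is what a proxy log or access-control rule can act on; everything after the 200 is opaque to it.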