On Oct 5, 2:50 am, John Nagle <[EMAIL PROTECTED]> wrote: > Johny wrote: > > Martin and John, > > Thank you both for your replies > > Must I have OpenSSL imported in my Python program? > > So far I have been using only SSL support. > > Built-in SSL support works OK if I connect from my Python program > > directly to SSL server ( but not via proxy). > > L. > > SSL isn't SUPPOSED to work through proxies. That's the whole point of > SSL - to prevent somebody in the middle from tapping into the connection. > Look up "man in the middle attack".
I'm afraid this is complete rubbish - using a proxy with SSL is fine. The only issue is that the built in python SSL support doesn't work with proxies. There are a number of ways of adding support though eg. http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/456195 One thing to note is that python's built in SSL support does not validate the server certicate and is therefore vulnerable to MITM attacks irrespective of whether a proxy is in use or not. If you want real security then you need to use something like PyOpenSSL or M2Crypto and a certificate store with your root CAs. Rich. -- http://mail.python.org/mailman/listinfo/python-list
