On Thu, Jan 28, 1999, Andrew Daviel wrote:
> (I'm a newbie at SSL, though have built various Apache over the years..)
>
> Is it possible to use an https proxy in Netscape? I mean, set
> the host and port in Netscape preferences-> advanced -> proxy -> manual to
> an Apache-SSL with proxy enabled, so that the data from the user to the
> proxy is encrypted but from the proxy to the target server is plain http.
>
> I tried it with s_client and it seems to work, but not in Netscape (4.5
> Linux). Netscape is using http, not https I think, though I specify port
> 443. I also tried the "security proxy" box but I can't find any info on
> what that's supposed to do.
No, Netscape always uses HTTP+method when using the proxy for non SSL
connections and HTTP+CONNECT when using the proxy for SSL connections. The
"Security Proxy box" is for HTTPS, I think. But it's nevertheless the HTTP
port of a proxy where the CONNECT method can be used.
OTOH why do you want to use a encrypted connection to your proxy when the
proxy speaks unencrypted HTTP? Sounds useless to me, because why should you
want to protect data between you and the proxy when at the same time the data
is sent in plain text over the next between the origin server and the proxy?
When you're data should be encrypted, you use HTTPS to access the origin
server. And then even when a proxy is involved (because of the CONNECT) also
the connection between you and the proxy is encrypted.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
