No, there isn't any way to do this. Keep in mind that the browsers are
setting up an encrypted session to ensure security. Allowing you to
bypass this puts a pretty big hole in that security.
That isn't to say that there aren't possibilities to explore if you want
to get that elaborate.
For instance: You can have your proxy server intercept all secure web
traffic (port 443, usually) and handle it as if it were the web site.
This means it would have to have the private cert and your browser would
have to have the puplic key. Once your proxy has decrypted the info
with its private key, it passes it to the secure server that your
browser initially asked for, using the public key from that site.
Keep in mind there may be a few conceptual things I am overlooking here,
and the big issue: speed. The fact is that a secure connection is ever
so slightly slower than an open one. Piping your connection through one
secure connection and into another doubles the effect, and if you aren't
_VERY_ careful, there is all kinds of room to goof it up.
Also, keep in mind that, though your web browser can be configured to
use a proxy, this is strictly limited to open connections. If you are
going to proxy port 443 traffic, you have to use a traffic server trick
that simply routs all 443 traffic to your proxy without telling your
client about it.
I imagine this makes your project much larger than you intended it to
be, but this is the only possibility that comes to mind.
Lou
[EMAIL PROTECTED] (Allan Strid) wrote:
> Hi,
>
>
>
> I was wondering if someone knew if it is possible to bypass ssl usage in
> Nescape or IExplorer? I want to write an application acting as a proxy
> with its own certificates. Right now the application acts as a very
> simple http proxy. What I want is that the application itself should do
> the SSLconnection to the server and then just pass the cleartext to the
> browser.
>
> When typing https://blabla.com <https://blabla.com> in the browser it
> seems it automatically starts an SSL sesion. I tried to turn it off but
> didnt succeed.
>
> Hope someone know if this is possible to do or if there is some other
> way around this problem.
>
>
>
> Regards
>
>
>
> Allan
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
