Hi All
Thank you so much for all the responses.
I have one more doubt. If we do normal proxying on an https connection, is
it possible to read the https content data, at least the URL?
Thanks, Raj Rajmohan SK
----- Original Message -----
From: "David Schwartz" <dav...@webmaster.com>
To: <openssl-users@openssl.org>
Sent: Wednesday, July 28, 2010 1:07 AM
Subject: RE: Man in the middle proxy - Not working
Rene Hollan:
Oh! I totally misunderstood this.
I thought OP wanted to MITM SSL sessions (which is possible, if
(a) the traffic is decrypted, (b) certs are reissued and resigned,
and (c) the client TRUSTS the modified cert chain (typically its
root cert)).
This is just HTTPS Proxy. In which case other answers about
terminating the HTTP connection first are correct.
No, you were correct. He does want to MITM SSL sessions.
A MITM and a normal proxy operate precisely the same way up until the actual
proxying part starts. His problem is earlier, when he establishes the
connection to the client, determines what host and port the client wants to
talk to, and then switches to his SSL proxy/MITM capability.
All those steps are the same.
1) Accept plaintext connection.
2) Wait for client to send request.
3) Confirm CONNECT request, host and port valid.
4) Send 200 reply.
5) Make connection to host and port requested by client.
6) If normal proxying, begin proxying (copy ciphertext between client and
server). If MITMing, begin MITMing (do SSL negotiation with both client and
plaintext, copy plaintext between client and server).
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
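
Steps 3 and 4 of the list above, as an added example in C (not code from the thread or from OpenSSL): it parses and validates the plaintext CONNECT request line, which is where a proxy learns the target host and port before any ciphertext is copied. The function names, the struct and the sample request are assumptions made for illustration, and only hostnames and IPv4 addresses are accepted.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What the proxy learns from the CONNECT line: target host and port. */
struct connect_target { char host[256]; int port; };

/* Step 3: parse and validate "CONNECT host:port HTTP/1.x\r\n".
 * Returns 0 and fills *out, or -1 if the request must be refused.
 * Assumption: bracketed IPv6 literals are refused by the host check. */
int parse_connect(const char *req, struct connect_target *out)
{
    char line[512], method[8], authority[300], version[16], extra;
    const char *eol = strstr(req, "\r\n");
    if (!eol || (size_t)(eol - req) >= sizeof line) return -1;
    memcpy(line, req, (size_t)(eol - req));
    line[eol - req] = '\0';
    /* Exactly three bounded tokens; a fourth means a malformed line. */
    if (sscanf(line, "%7s %299s %15s %c", method, authority, version, &extra) != 3)
        return -1;
    if (strcmp(method, "CONNECT") != 0) return -1;
    if (strcmp(version, "HTTP/1.0") != 0 && strcmp(version, "HTTP/1.1") != 0) return -1;
    char *colon = strrchr(authority, ':');
    if (!colon || colon == authority || colon[1] == '\0') return -1;
    *colon = '\0';                      /* split host from port */
    for (const char *p = colon + 1; *p; p++)
        if (!isdigit((unsigned char)*p)) return -1;
    long port = strtol(colon + 1, NULL, 10);
    if (port < 1 || port > 65535) return -1;
    if (strlen(authority) >= sizeof out->host) return -1;
    for (const char *p = authority; *p; p++)
        if (!isalnum((unsigned char)*p) && *p != '.' && *p != '-') return -1;
    strcpy(out->host, authority);
    out->port = (int)port;
    return 0;
}
/* Step 4: the reply sent before any proxying or SSL negotiation starts. */
const char *connect_reply(int rc)
{
    return rc == 0 ? "HTTP/1.1 200 Connection established\r\n\r\n"
                   : "HTTP/1.1 400 Bad Request\r\n\r\n";
}
int main(void)
{
    struct connect_target t;   /* the request below is a constructed sample */
    int rc = parse_connect("CONNECT www.example.com:443 HTTP/1.1\r\n\r\n", &t);
    if (rc == 0) printf("tunnel to %s port %d\n", t.host, t.port);
    fputs(connect_reply(rc), stdout);
    return rc != 0;
}
```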