[lug] ssl

Hugh Brown hugh at vecna.com
Tue Feb 13 09:54:49 MST 2001


I am new to ssl and am looking for a good beginners guide.  Any
recommendations?

I was also wondering about where the encryption takes place.

For instance, I have a non-ssl page (insecure.html) that has a link on it
that points to https://tuna.fish.net/securedir/index.html  that is password
protected via apache.  When the login prompt comes up is that encrypted or
do I need to go to a secure page first and then go to a login via ssl?

Is that a stupid question since every request is a one time request and it
either goes through an ssl tunnel or it doesn't?

I was also trying to sniff the traffic on the webpage (I have to do a
seminar for some customers showing them why they want security and I was
hoping to be able to do a hands on demo that shows a username and password
going across clear text via a webpage login).  When I sniff an apache login
setup, I just see garbage going across (I'm not using ssl for that
section).  How can I see that traffic?

Hugh





More information about the LUG mailing list