[lug] ssl
Michael J. Pedersen
marvin at keepthetouch.org
Tue Feb 13 10:52:31 MST 2001
On Tue, Feb 13, 2001 at 11:54:49AM -0500, Hugh Brown wrote:
> I am new to ssl and am looking for a good beginners guide. Any
> recommendations?
http://www.openssl.org Should have a fair amount of information, though I
can't get to their site right now, due to some problems with my firewall at
work (man, I hate this network here).
> For instance, I have a non-ssl page (insecure.html) that has a link on it
> that points to https://tuna.fish.net/securedir/index.html that is password
> protected via apache. When the login prompt comes up is that encrypted or
> do I need to go to a secure page first and then go to a login via ssl?
That depends on which process serves up the page. If the page itself is served
by an https connection, I would bet that the password is also done by way of
https. However, I'm not positive, so can't provide proof one way or the other.
> I was also trying to sniff the traffic on the webpage (I have to do a
> seminar for some customers showing them why they want security and I was
> hoping to be able to do a hands on demo that shows a username and password
> going across clear text via a webpage login). When I sniff an apache login
> setup, I just see garbage going across (I'm not using ssl for that
> section). How can I see that traffic?
See that traffic? I don't know. However, you can demonstrate using telnet as
well, which should be pretty trivial to sniff.
Sorry, it's not much help, but I hope it's some help.
--
Michael J. Pedersen
My GnuPG KeyID: 4E724A60 My Public Key Available At: wwwkeys.pgp.net
My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
GnuPG available at http://www.gnupg.org
More information about the LUG
mailing list