
No, they just pass it along to the service listening on that port. How would you verify HTTPS without decrypting it?



Let’s be careful here.

Yes there are firewalls/proxies which check for validity of HTTP over port 80, though others don’t bother, or just look at the first bit of traffic for each connection.

HTTPS goes over port 443, and I imagine there are some firewalls somewhere or another which block it altogether. Probably not enough of them to worry too much about though.

Some firewalls at least make sure that traffic over port 443 does a proper SSL handshake.... after that the data is encrypted, so they have no way to tell just what’s going through.

-----


So would FlashSocket traffic get blocked by these firewalls if it was trying to sneak in through port 80, then? That would kinda beat the purpose of this effort.

-----


Even if your firewall doesn't track it, you could set up an IDS system to detect and alert on it, if you were into that sort of thing.

-----


You don't need to be able to decrypt anything to identify an HTTPS flow. An unencrypted SSL/TLS handshake takes place first, before any encrypted data is sent across the wire.

Some firewalls can track this.

-----


Right. But you can still run whatever protocol you like -on top- of SSL.

-----


Hah. Good point. Thanks.

-----
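The check discussed in the thread above, shown as an added example that is not part of any comment: a sketch of how a firewall or IDS can tell whether the first client bytes on port 80 or 443 look like HTTP or a TLS ClientHello without decrypting anything. The function names, the per-port policy table and the sample bytes are assumptions constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
EXPECTED = {80: "http", 443: "tls-client-hello"}  # assumed per-port policy

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    if len(payload) < 9:  # 5-byte record header + 4-byte handshake header
        return "unknown"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # Cleartext TLS record header: type 22 (handshake), version 3.x
    if ctype != 22 or major != 3 or minor > 4:
        return "unknown"
    if not 4 <= rec_len <= 2**14:  # plaintext records are capped at 2^14
        return "unknown"
    hs_type = payload[5]
    hs_len = int.from_bytes(payload[6:9], "big")
    # Simplification: a ClientHello split across several records is
    # reported as unknown; SSLv2-style hellos are not recognised.
    if hs_type != 1 or hs_len + 4 > rec_len:
        return "unknown"
    return "tls-client-hello"

def verdict(port: int, payload: bytes) -> str:
    """Alert when a flow's opening bytes do not match the port's protocol."""
    expected = EXPECTED.get(port)
    if expected is None:
        return "allow"  # no policy for this port in the sketch
    return "allow" if classify_first_bytes(payload) == expected else "alert"

def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello: no extensions, one cipher suite."""
    body = (b"\x03\x03" + bytes(32)      # client_version, 32-byte random
            + b"\x00"                    # empty session id
            + b"\x00\x02\x00\x2f"        # cipher suites: length 2, one suite
            + b"\x01\x00")               # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample inputs
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_RAW = b"\x00\x01custom-binary-proto"
```

The check sees only the cleartext opening of the flow; once the handshake completes, whatever protocol runs inside the TLS session is opaque to it.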



