RE: [iaik-ssl] iSaSiLkLight & client side firewalls
Having gone back to re-read the "Tunneling TCP based protocols through Web
proxy servers" draft, I can see that the mechanism I outlined below should
work for establishing a connection to the SSL port of a remote server.
I expect that I should use SSLConnection as follows (based on the
SSLCode1.java example):
SSLConnection s = new SSLConnection(serverName, serverPort, context);
s.setDebugStream(System.out); // debugging info goes to System.out
dos = new DataOutputStream (s.getOutputStream());
dos.writeBytes("CONNECT " + serverName + ":" + portNumber + " HTTP/1.0\r\n");
dos.writeBytes("Proxy-Authorization: Basic ");
Base64Encoder b = new Base64Encoder(proxyUser+":"+proxyPW);
dos.writeBytes(b.processString()+"\r\n");
dos.writeBytes("\r\n");
dos.flush();
s.startHandshake();
parentApplet.showStatus("Secure SSL Connection established, using "
+ s.getActiveCipherSuite().getName());
DataInputStream reader = new DataInputStream(s.getInputStream());
PrintStream writer = new PrintStream(s.getOutputStream());
writer.println("GET " + url + " HTTP/1.0");
writer.println();
writer.flush();
Unfortunately I can't test this yet. (yes I know that the above code has
problems, it is an indication of what I am attempting)
There is a compile time error in SSLCode1.java which is present in the
demo\classes directory of the iSaSiLkLight evaluation.
SSLClientContext context = new
SSLClientContext((RSAPublicKey)PublicKeyStore.getPublicKey("RSA"),
(DHPublicKey)PublicKeyStore.getPublicKey("DH"));
The PublicKeyStore variable is undefined.
Is there a fix for this?
Cheers,
Andrew
-----Original Message-----
From: Andrew Roughan [SMTP:andrew.roughan@ficsgrp.com]
Sent: Tuesday, September 07, 1999 11:27 AM
To: iaik-ssl@iaik.tu-graz.ac.at
Subject: RE: [iaik-ssl] iSaSiLkLight & client side firewalls
Andreas Sterbenz wrote:
>Another solution for SSL from behind a firewall would be to use the
>user's standard SSL proxy and connect through it just like the browser
>does. In that case the applet would need to obtain the proxy settings
>somehow, acquire the connect privilege for it from the SecurityManager,
>and connect through it.
I am working on a proof of concept and a connection established in this
manner would be acceptable.
In the past I have implemented this type of tunnelling with standard
sockets:
Socket socket = new Socket(proxyServerName, proxyPortNumber);
dos = new DataOutputStream (socket.getOutputStream());
dos.writeBytes("CONNECT " + serverName + ":" + portNumber + " HTTP/1.0\r\n");
dos.writeBytes("Proxy-Authorization: Basic ");
Base64Encoder b = new Base64Encoder(proxyUser+":"+proxyPW);
dos.writeBytes(b.processString()+"\r\n");
dos.writeBytes("\r\n");
dos.flush();
I am not sure how to go about this with SSL sockets using iSaSiLkLight.
Does anyone know where I can find an example of this documented somewhere?
How much SSL knowledge do I need to be able to do this? Currently I have
none.
What I would like to be able to do is to connect to an SSL protected site
which is not under my direct control.
(e.g. My applet will act like a Browser does by establishing an SSL
connection and then interacting with standard HTTP)
Anyone know of any gotchas in that scenario?
Thanks,
Andrew Roughan
FICS Australia
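
The CONNECT-then-handshake sequence discussed in this thread, as an added example that is not part of the original messages and does not use the iSaSiLk API: it uses the standard Java JSSE classes instead. It opens a plain socket to the proxy, checks the proxy's reply before any SSL/TLS bytes are sent, then layers the handshake over the tunnel and verifies the certificate against the target host. The class name, method name, and host names are placeholders.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.Socket;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.ISO_8859_1;

public class ConnectTunnel {
    // Opens a CONNECT tunnel through the proxy, then runs TLS end to end with the target host.
    static SSLSocket open(String proxyHost, int proxyPort, String proxyUser, String proxyPw,
                          String host, int port) throws IOException {
        Socket raw = new Socket(proxyHost, proxyPort); // plain TCP to the proxy, not to the target
        try {
            String cred = Base64.getEncoder().encodeToString((proxyUser + ":" + proxyPw).getBytes(ISO_8859_1));
            // Basic credentials reach the proxy unencrypted; only traffic inside the tunnel is protected.
            String req = "CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
                       + "Proxy-Authorization: Basic " + cred + "\r\n\r\n";
            raw.getOutputStream().write(req.getBytes(ISO_8859_1));
            // Read the reply one byte at a time up to the blank line so no handshake bytes are consumed.
            InputStream in = raw.getInputStream();
            StringBuilder head = new StringBuilder();
            int c;
            while (!head.toString().endsWith("\r\n\r\n") && (c = in.read()) != -1) {
                head.append((char) c);
                if (head.length() > 8192) throw new IOException("proxy response header too long");
            }
            String status = head.toString().split("\r\n", 2)[0];
            if (!status.matches("HTTP/1\\.[01] 2\\d\\d.*")) { // anything but 2xx: no tunnel exists
                throw new IOException("proxy refused CONNECT: " + status);
            }
            // Layer TLS over the established tunnel; host and port name the target, not the proxy.
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) f.createSocket(raw, host, port, true);
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match the target host name
            tls.setSSLParameters(p);
            tls.startHandshake();
            return tls;
        } catch (IOException e) {
            raw.close();
            throw e;
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed placeholder names; substitute a real proxy and target to run.
        try (SSLSocket s = open("proxy.example", 8080, "user", "secret", "www.example.org", 443)) {
            System.out.println("negotiated " + s.getSession().getCipherSuite());
        }
    }
}
```

Once `open` returns, the HTTP request is written to the returned socket's streams and the proxy relays only ciphertext.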