
RE: [iaik-ssl] iSaSiLkLight & client side firewalls



Having gone back to re-read the "Tunneling TCP based protocols through Web 
proxy servers" draft, I can see that the mechanism I outlined below should 
work for establishing a connection to the SSL port of a remote server.

I expect that I should use SSLConnection as follows (based on the 
SSLCode1.java example):

SSLConnection s = new SSLConnection(serverName, serverPort, context);
s.setDebugStream(System.out);       // debugging info goes to System.out

// send the CONNECT request and Basic proxy credentials before the handshake
DataOutputStream dos = new DataOutputStream(s.getOutputStream());
dos.writeBytes("CONNECT " + serverName + ":" + portNumber + " HTTP/1.0\r\n");
dos.writeBytes("Proxy-Authorization: Basic ");
Base64Encoder b = new Base64Encoder(proxyUser+":"+proxyPW);
dos.writeBytes(b.processString()+"\r\n");
dos.writeBytes("\r\n");
dos.flush();

s.startHandshake();
parentApplet.showStatus("Secure SSL Connection established, using "
                        + s.getActiveCipherSuite().getName());
DataInputStream reader = new DataInputStream(s.getInputStream());
PrintStream writer = new PrintStream(s.getOutputStream());

writer.println("GET " + url + " HTTP/1.0");
writer.println();
writer.flush();

Unfortunately I can't test this yet. (Yes, I know that the above code has 
problems; it is an indication of what I am attempting.)


There is a compile time error in SSLCode1.java which is present in the 
demo\classes directory of the iSaSiLkLight evaluation.

SSLClientContext context = new SSLClientContext(
    (RSAPublicKey)PublicKeyStore.getPublicKey("RSA"),
    (DHPublicKey)PublicKeyStore.getPublicKey("DH"));

The PublicKeyStore variable is undefined.

Is there a fix for this?

Cheers,
Andrew

-----Original Message-----
From:	Andrew Roughan [SMTP:andrew.roughan@ficsgrp.com]
Sent:	Tuesday, September 07, 1999 11:27 AM
To:	iaik-ssl@iaik.tu-graz.ac.at
Subject:	RE: [iaik-ssl] iSaSiLkLight & client side firewalls

Andreas Sterbenz wrote:
>Another solution for SSL from behind a firewall would be to use the
>user's standard SSL proxy and connect through it just like the browser
>does. In that case the applet would need to obtain the proxy settings
>somehow, acquire the connect privilege for it from the SecurityManager,
>and connect through it.

I am working on a proof of concept and a connection established in this 
manner would be acceptable.

In the past I have implemented this type of tunnelling with standard 
sockets:

Socket socket = new Socket(proxyServerName, proxyPortNumber);
DataOutputStream dos = new DataOutputStream(socket.getOutputStream());
dos.writeBytes("CONNECT " + serverName + ":" + portNumber + " HTTP/1.0\r\n");
dos.writeBytes("Proxy-Authorization: Basic ");
Base64Encoder b = new Base64Encoder(proxyUser+":"+proxyPW);
dos.writeBytes(b.processString()+"\r\n");
dos.writeBytes("\r\n");
dos.flush();

I am not sure how to go about this with SSL sockets using iSaSiLkLight.
Does anyone know where I can find an example of this documented somewhere?
How much SSL knowledge do I need to be able to do this? Currently I have 
none.

What I would like to be able to do is to connect to an SSL protected site 
which is not under my direct control.
(e.g. My applet will act like a Browser does by establishing an SSL 
connection and then interacting with standard HTTP)
Anyone know of any gotchas in that scenario?

Thanks,
Andrew Roughan
FICS Australia
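
The CONNECT-then-handshake sequence discussed in this thread, as an added example that is not part of the original messages and is not iSaSiLk code: it uses the standard JSSE classes (javax.net.ssl) instead of iSaSiLk's SSLConnection, and the class and method names (ProxyTunnel, open, readLine) are assumptions. The plain socket goes to the proxy, the proxy's reply is checked before any handshake bytes are sent, and the server certificate is verified against the origin host name.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.net.ssl.*;
public class ProxyTunnel {
    /** Opens a CONNECT tunnel through the proxy, then runs the TLS handshake inside it. */
    static SSLSocket open(String proxyHost, int proxyPort, String user, String pw,
                          String host, int port) throws IOException {
        Socket raw = new Socket(proxyHost, proxyPort);
        try {
            String cred = Base64.getEncoder()
                    .encodeToString((user + ":" + pw).getBytes(StandardCharsets.ISO_8859_1));
            // The CONNECT request is plaintext: Basic credentials are encoded, not encrypted.
            String req = "CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
                       + "Proxy-Authorization: Basic " + cred + "\r\n\r\n";
            OutputStream out = raw.getOutputStream();
            out.write(req.getBytes(StandardCharsets.ISO_8859_1));
            out.flush();
            // Read the reply unbuffered so no bytes of the TLS handshake are swallowed.
            InputStream in = raw.getInputStream();
            String status = readLine(in);
            if (!status.matches("HTTP/1\\.[01] 2\\d\\d.*"))
                throw new IOException("Proxy refused tunnel: " + status);
            while (!readLine(in).isEmpty()) { /* skip remaining proxy headers */ }
            // Layer TLS over the tunnel; host and port name the origin server, not the proxy.
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) f.createSocket(raw, host, port, true);
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match host
            tls.setSSLParameters(p);
            tls.startHandshake();
            return tls;
        } catch (IOException e) { raw.close(); throw e; }
    }

    /** Reads one CRLF- or LF-terminated line byte by byte; returns "" at end of stream. */
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; (c = in.read()) != -1 && c != '\n'; )
            if (c != '\r') sb.append((char) c);
        return sb.toString();
    }
    public static void main(String[] a) throws IOException {
        if (a.length != 6) { System.err.println("args: proxyHost proxyPort user pw host port"); return; }
        try (SSLSocket s = open(a[0], Integer.parseInt(a[1]), a[2], a[3], a[4], Integer.parseInt(a[5]))) {
            System.out.println("Negotiated " + s.getSession().getCipherSuite());
        }
    }
}
```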

 
