[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-ssl] Going through Microsoft proxy



Title: RE: [iaik-ssl] Going through Microsoft proxy

you can write some handshaking code to deal with NTLM authentication.

i am going to do this next week actually. i expect to be working late.

you can find an implementation (in C) on the l0pht site that you can
work from.

btw, check out this paper for other delights
http://www.microsoft.com/technet/ecommerce/sececomm.asp

paul


-----Original Message-----
From: Thomas Ernst [mailto:thomas.ernst@canoo.com]
Sent: Wednesday, November 08, 2000 5:06 PM
To: iaik-ssl@iaik.at
Cc: Oliver.Schnaus@tecoplan.com
Subject: RE: [iaik-ssl] Going through Microsoft proxy


Hello,

recently we also came across some problems with authetication towards a
Microsoft proxy. The reason was that the proxy was configured to do NTLM
authentication and not BASIC authentication. Unfortunately, NTLM
authentication is only supported by Microsoft components such as Internet
Explorer (the NTLM protocol is proprietary to Microsoft :-(). The only way
to get around this is probably to install the Microsoft WinSock Proxy Client
which handles NTLM authentication transparently to any application.

I don't know whether this information really helps you but I hope so. For
further information on NTLM see http://www.innovation.ch/java/ntlm.html and
http://www.pla-netx.com/linebackn/evil/msproxy.html.

Regards

Thomas

*****************************
Thomas Ernst
Canoo Engineering AG
Kirschgartenstrasse 7
CH-4051 Basel
Tel +41 61 228 94 44
Fax +41 61 228 94 49
http://www.canoo.com
mailto:thomas.ernst@canoo.com


> -----Original Message-----
> From: iaik-ssl-owner@iaik.tu-graz.ac.at
> [mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]On Behalf Of Schnaus, Oliver
> Sent: Mittwoch, 8. November 2000 17:28
> To: 'iaik-ssl@iaik.at'
> Cc: Schnaus, Oliver
> Subject: [iaik-ssl] Going through Microsoft proxy
>
>
> Hi all,
>
> I make an HttpsURLConnection to a server going through some proxy's using
> the iSiSaLk3.03 libs. As the system properties https.ProxyServer and
> https.ProxyPort are set, this works fine for SQID Proxy but not for the
> Microsoft proxy.
> In later case, we tested several options, but none with success (see
> Exceptions below).
>
> Using authentication, I get this trace:
>
> org.w3c.www.protocol.http.HttpException: java.io.IOException: Proxy
> responded: HTTP/1.1 407 Proxy authentication required
> java.io.IOException: Proxy responded: HTTP/1.1 407 Proxy authentication
> required
>       at iaik/security/ssl/Utils.proxyConnect
>       at iaik/security/ssl/Utils.proxyConnect
>       at iaik/security/ssl/Utils.proxyConnect
>       at iaik/security/ssl/Utils.proxyConnect
>       at org/w3c/www/protocol/http/f.a
>       at org/w3c/www/protocol/http/f.markUsed
>       at org/w3c/www/protocol/http/HttpBasicServer.getConnection
>       at org/w3c/www/protocol/http/HttpBasicServer.runRequest
>       at org/w3c/www/protocol/http/HttpManager.runRequest
>       at org/w3c/www/protocol/http/HttpURLConnection.connect
>       at org/w3c/www/protocol/http/HttpURLConnection.a
>       at org/w3c/www/protocol/http/HttpURLConnection.getInputStream
>
> Disabling the authentication (allow anonymous login), I get the following:
>
> org.w3c.www.protocol.http.HttpException: java.io.IOException: Proxy
> responded: HTTP/1.1 502 Proxy Error ( Der angegebene
> SSL-Anschluss ist nicht
> erlaubt.  )
> java.io.IOException: Proxy responded: HTTP/1.1 502 Proxy Error ( Der
> angegebene SSL-Anschluss ist nicht erlaubt.  )
>       at iaik/security/ssl/Utils.proxyConnect
>       at iaik/security/ssl/Utils.proxyConnect
>       at iaik/security/ssl/Utils.proxyConnect
>       at iaik/security/ssl/Utils.proxyConnect
>       at org/w3c/www/protocol/http/f.a
>       at org/w3c/www/protocol/http/f.markUsed
>       at org/w3c/www/protocol/http/HttpBasicServer.getConnection
>       at org/w3c/www/protocol/http/HttpBasicServer.runRequest
>       at org/w3c/www/protocol/http/HttpManager.runRequest
>       at org/w3c/www/protocol/http/HttpURLConnection.connect
>       at org/w3c/www/protocol/http/HttpURLConnection.a
>       at org/w3c/www/protocol/http/HttpURLConnection.getInputStream
>
> I alread tried out the following:
>       String password = proxyUser + ":" + proxyPassword;
>             String encodedPassword = "Basic " + new
> BASE64Encoder().encode((password.getBytes()));
>             connection.setRequestProperty("Proxy-Authorization",
> encodedPassword);
> but it won't work either.
>
> Can anyone help me with this?
>
> Thanks in advance,
>
> Oliver
>
>
> TECOPLAN AG - Digital Mockup Technology
> Oliver Schnaus (mailto:Oliver.Schnaus@tecoplan.com)
> D-85521 Munich/Ottobrunn (Germany),
> Einsteinstrasse 30
> Voice: +49 89 608762-16,  Fax: +49 89 608762-18,
> http://www.tecoplan.com/
> ---------------------------------------------------------------------
> news..... news..... news..... news..... news..... news.....
> ---------------------------------------------------------------------
> xbrioso - webtime engineering - engineering service center on the
> web -  pls
> visit: www.xbrioso.com or www.xbrioso.de
> ---------------------------------------------------------------------
> Please see http://www.OpenDMU.com - the alliance of strong partners  ! !
> ---------------------------------------------------------------------
>
>
>
>
> --
> Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the
> folowing content: UNSUBSCRIBE iaik-ssl
>

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl