The problem I am having, and why I asked the question, is that when non-HTTPS SSL traffic tries to go through our security suite, it gets blocked because the proxy is set to only allow HTTPS traffic through on port 443. So, what we are trying to do is determine whether the traffic is HTTPS or not before we put it in the enclave behind the proxy so we know whether or not to keep it on 443 or change it to another port designated for SSL non-HTTPS traffic.
Any suggestions on how this can be achieved?
>From: Jerry Talkington <jtalkington@xxxxxxxxxxxxxxxxxxxxx>
>Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>Subject: Re: [Ethereal-users] non-HTTPS SSL traffic
>Date: Fri, 20 Aug 2004 18:06:37 -0700
>MIME-Version: 1.0
>Received: from mc6-f35.hotmail.com ([65.54.252.171]) by mc6-s18.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 20 Aug 2004 18:06:49 -0700
>Received: from thud.ethereal.com ([65.208.228.223]) by mc6-f35.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 20 Aug 2004 18:06:49 -0700
>Received: from thud.ethereal.com (localhost [127.0.0.1])by thud.ethereal.com (Postfix) with ESMTPid B4E87AC2F7; Fri, 20 Aug 2004 20:06:44 -0500 (CDT)
>Received: from wally (wally.netisinc.com [10.1.1.230])by thud.ethereal.com (Postfix) with SMTP id 07B4F46E27for <ethereal-users@xxxxxxxxxxxx>; Fri, 20 Aug 2004 20:06:40 -0500 (CDT)
>Received: from 66.163.170.81 by wally (InterScan E-Mail VirusWall NT);Fri, 20 Aug 2004 20:06:39 -0500
>Received: from unknown (HELO smartasfuck.com)(jtalkington@xxxxxxxxxxxxx@69.224.16.83 with login)by smtp811.mail.sc5.yahoo.com with SMTP; 21 Aug 2004 01:06:39 -0000
>Received: by smartasfuck.com (Postfix, from userid 501)id 025DB73982; Fri, 20 Aug 2004 18:06:37 -0700 (PDT)
>X-Message-Info: HQbIehuYceT9z7Q99uTqyQlvdgbNcp6/K9lUOyEgUrA=
>X-Original-To: ethereal-users@xxxxxxxxxxxx
>Delivered-To: ethereal-users@xxxxxxxxxxxx
>Message-ID: <20040821010637.GA9127@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>Mail-Followup-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>References: <BAY22-F205bHeO6WcIS0000266a@xxxxxxxxxxx>
>In-Reply-To: <BAY22-F205bHeO6WcIS0000266a@xxxxxxxxxxx>
>User-Agent: Mutt/1.5.5.1i
>X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on thud.ethereal.com
>X-Spam-Level:
>X-Spam-Status: No, hits=-3.4 required=6.0 tests=BAYES_00,HTML_MESSAGE,WEIRD_PORT autolearn=no version=2.64
>X-BeenThere: ethereal-users@xxxxxxxxxxxx
>X-Mailman-Version: 2.1.4
>Precedence: list
>List-Id: Ethereal user support <ethereal-users.ethereal.com>
>List-Unsubscribe: <http://www.ethereal.com/mailman/listinfo/ethereal-users>,<mailto:ethereal-users-request@xxxxxxxxxxxx?subject=unsubscribe>
>List-Archive: </pipermail>
>List-Post: <mailto:ethereal-users@xxxxxxxxxxxx>
>List-Help: <mailto:ethereal-users-request@xxxxxxxxxxxx?subject=help>
>List-Subscribe: <http://www.ethereal.com/mailman/listinfo/ethereal-users>,<mailto:ethereal-users-request@xxxxxxxxxxxx?subject=subscribe>
>Errors-To: ethereal-users-bounces@xxxxxxxxxxxx
>Return-Path: ethereal-users-bounces@xxxxxxxxxxxx
>X-OriginalArrivalTime: 21 Aug 2004 01:06:49.0545 (UTC) FILETIME=[2311C390:01C4871B]
>
>On Fri, Aug 20, 2004 at 09:01:24PM -0400, Bret Peresich wrote:
> > <P>Is there any way to differentiate between HTTPS traffic and SSL - non HTTPS traffic on port 443 when reading a capture?</P>
> >
>
>No, the whole point if SSL is to prevent other people from seeing what's
>the data being exchanged, including the protocol.
>
>--
>GPG public key:
>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762
>
>_______________________________________________
>Ethereal-users mailing list
>Ethereal-users@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-users
