On Fri, Feb 08, 2008 at 08:52:02PM +0000, DePriest, Jason R. wrote:
> On Feb 8, 2008 8:49 AM, Sake Blok <> wrote:
>
> For the SSL traffic, it gets a little weird.

Yep, ssl-terminating-proxies are a funny breed :-)

I always wondered if there aren't any legal issues involved with
deploying one. I guess there must be a good privacy policy within a
company before using one since basically it is a man-in-the-middle-attack
in a box :-)

Also, it breaks sites using client-certificates...

> It's the pseudo-cert from step 4 that I'm mystified over.

Well, it all depends on how the Bluecoat builds the pseudo-cert. If
it generates a new key for every new pseudo-cert, you're basically
lost as they probably won't be kept on the box after the session is
terminated.

If the Bluecoat uses the same key for all pseudo certificates you
still might be lost as the key might have a passphrase that is
unknown to you. If you are able to get a cleartext key, then
you should be able to decrypt some traffic with Wireshark.

Just out of curiosity, doesn't the Bluecoat provide some way of
creating capture files of the un-encrypted traffic before it's
re-encrypted?

Cheers,
Sake
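
Added example, not part of the original message: a check of whether a key file is "cleartext" in the sense used above or still needs a passphrase. It assumes the key has been exported in PEM form (the thread does not say how the Bluecoat stores or exports keys); `classify_pem_keys` and the sample data are constructed for illustration.

```python
import re

# PEM labels that mark a private key: (format, encrypted according to the label)
_LABELS = {
    "RSA PRIVATE KEY": ("PKCS#1 (traditional OpenSSL)", False),
    "EC PRIVATE KEY": ("SEC1 (traditional OpenSSL)", False),
    "PRIVATE KEY": ("PKCS#8", False),
    "ENCRYPTED PRIVATE KEY": ("PKCS#8", True),
}
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem_keys(text):
    """Return one dict per private-key block found in PEM text."""
    results = []
    for label, body in _BLOCK.findall(text):
        if label not in _LABELS:
            continue  # certificates, CSRs, etc. are not keys
        fmt, encrypted = _LABELS[label]
        # The traditional format signals encryption with headers inside the
        # block: "Proc-Type: 4,ENCRYPTED" plus "DEK-Info: <cipher>,<iv>".
        cipher = None
        if re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.M):
            encrypted = True
            m = re.search(r"^DEK-Info:\s*([^,\s]+)", body, re.M)
            cipher = m.group(1) if m else None
        results.append({"label": label, "format": fmt,
                        "needs_passphrase": encrypted, "cipher": cipher})
    return results

# Constructed sample: the header lines are realistic, the bodies are dummy filler.
SAMPLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgRFVNTVkgQk9EWQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgRFVNTVkgQk9EWQ==
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgRFVNTVkgQk9EWQ==
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    for k in classify_pem_keys(SAMPLE):
        print(k)
```

A block reported with `needs_passphrase` set is the "key might have a passphrase" case: it cannot be used for decryption until the passphrase is known.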