[CentOS] Pptp vpn server

Fri Nov 5 09:27:38 UTC 2010
Ben McGinnes <ben at adversary.org>

On 5/11/10 9:39 AM, Ross Walker wrote:
> 
> As for the SSL part, you can monitor traffic over it in a couple of
> ways. For internal services being served out you can have the SSL
> connection terminate at the gateway and the gateway establish an
> internal SSL connection to the service. For internal clients
> connecting to external services I have used SSL inspectors, these
> basically initiate an SSL connection to the destination, take the
> certificate, generate a per-destination itself and pass that to the
> client, basically acting as a man in the middle, as long as the
> gateway/inspector is a trusted intermediate CA and the subject is
> preserved then the client doesn't have a problem with it.

I believe this is one of the methods that was looked at to enable ISPs
to filter/censor/log SSL connections should the government policies
become legislation here.  Except for all outbound connections.  The
rest of us call it a MitM (when used for outbound or between third
parties, not in your example).


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20101105/84f5de49/attachment-0005.sig>