From: Shashank Rai (shashrai@emirates.net.ae)
Date: Tue Jan 06 2004 - 22:37:11 EST
> It maybe uses the Micro$oft NTLM authentication scheme - or similar.
> What does a packet sniffer tell you, what happens?
>
> Bye
>
> Volker Tanger
> ITK-Security
It is nothing to do with NTLM auth (or for that matter basic auth). When
i browse the site using IE, i am prompted to provide the user
certificate. Running stunnel/sslproxy in debug mode clearly show the
server requesting the client certificate.
Packet sniffer is good only to the extent of showing me TLS v1 hand
shake (and ofcourse the remaining conversation is encrypted).
I belive the site is M$ specific, 'coz, sslproxy/stunnel manage to
complete the SSL handshake, and open a connection to the server. But the
moment i send a "GET / HTTP/1.0" request, the connection is closed from
the server end, stating that the client certificate i provided is not
valid (the certificate had been exported from IE, along with the private
key). Hence the conclusion that the calls made to check the validity of
the certificate are someway M$ specific!!! (as stated in my original
post)
Thanks anyway :)
cheers,
-- shashank <-- Here is the Packet that was fragmented and has been assembled again. (with apologies to JRR Tolkien :) --> --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT