[Ach] git - cipher suites - proxy - thoughts
ulrich.poeschl at bmlvs.gv.at
Wed Nov 20 15:07:03 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
sorry for three useless commits during the last 24 hours. I was just
trying to get the git-setup up and running behind our big chinese
firewall here and ran into a problem that Adi (thanks!) gave me some
clue about and I think it's worth mentioning here.
we have a proxy that intercepts everything, including https. so a
typical "man in the middle" to scan everything for malware & sh*t.
what I never thought about, was checking the ssl-connection that the
proxy-appliance then negotiates with the real destination and I think
that should be a point worth mentioning in the paper. you can have the
newest shiny browser on your client, but if the intercepting proxy
negotiates weak crypto you loose again AND: you won't notice it.
I guess that the webserver at bettercrypto.org was not happy with what
the proxy here was offering, and the error message never reached my
just after disabling ssl-interception for bettercrypto.org it started
working properly. so this is 1. a problem with the capabilities of our
proxy here and 2. possibly a bug in the git binary.
will now start to review the document and try to contribute something
more useful ;-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Ach