[Ach] git - cipher suites - proxy - thoughts
Adi Kriegisch
adi at kriegisch.at
Wed Nov 20 15:32:52 CET 2013
Hi!
> sorry for three useless commits during the last 24 hours. I was just
> trying to get the git-setup up and running behind our big chinese
> firewall here and ran into a problem that Adi (thanks!) gave me some
> clue about and I think it's worth mentioning here.
>
> we have a proxy that intercepts everything, including https. so a
> typical "man in the middle" to scan everything for malware & sh*t.
excellent finding! :)
Just two thoughts on that:
* I once had issues with such a beast when using F*EX (an open source
one-time download solution), that first downloads the file, scans it
and then lets the request pass-through. Probably someone here on
this list knows which vendors provide such an equipement.
For the one-time download solution it was a killer... ;-)
* Your client/proxy connected to the git.bettercrypto.org repo just fine
by using DHE-RSA-AES256-SHA (the site only offers SSL connections).
But I guess the "big chinese firewall" is ripping of the http auth --
just for you to be safe. ;-)
Anyways: Those proxy appliances should absolutely be mentioned! One can
even use ssllabs.com to get an idea of the ciphers supported by that
solution... ;-)
> will now start to review the document and try to contribute something
> more useful ;-)
Great! :-)
-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20131120/08cdf9a8/attachment.sig>
More information about the Ach
mailing list