[Ach] git - cipher suites - proxy - thoughts

Adi Kriegisch adi at kriegisch.at
Wed Nov 20 15:32:52 CET 2013


> sorry for three useless commits during the last 24 hours. I was just
> trying to get the git-setup up and running behind our big Chinese
> firewall here and ran into a problem that Adi (thanks!) gave me some
> clue about and I think it's worth mentioning here.
> we have a proxy that intercepts everything, including https. so a
> typical "man in the middle" to scan everything for malware & sh*t.
excellent finding! :)

Just two thoughts on that:
* I once had issues with such a beast when using F*EX (an open source
  one-time download solution), that first downloads the file, scans it
  and then lets the request pass through. Probably someone here on
  this list knows which vendors provide such equipment.
  For the one-time download solution it was a killer... ;-)
* Your client/proxy connected to the git.bettercrypto.org repo just fine
  by using DHE-RSA-AES256-SHA (the site only offers SSL connections).
  But I guess the "big Chinese firewall" is ripping off the http auth --
  just for you to be safe. ;-)

Anyways: Those proxy appliances should absolutely be mentioned! One can
even use ssllabs.com to get an idea of the ciphers supported by that
solution... ;-)

> will now start to review the document and try to contribute something
> more useful ;-)
Great! :-)

-- Adi