|
04-26-2006, 11:50 AM
|
#1 (permalink) |
|
Banned from being Banned
Location: Donkey
|
SSL Question
I think I already know the answer to this, but just double checking...
Say I went to https://blah.com/page.html... You'd be able to see that I'm connected to blah.com, obviously the content itself is encrypted, but would you be able to tell that I'm viewing page.html? (I'm assuming no, but ya never know..)
__________________
I love lamp. |
|
|
04-26-2006, 12:40 PM
|
#2 (permalink) |
|
Devils Cabana Boy
Location: Central Coast CA
|
in IE there is a small lock that apears locked in the lower right corner of the window. in firefox its the same location but it list the webpage that the key was issued to.
check https://www.wellsfargo.com/ ... actually your question was actually much more complicated then I thought. Sorry my response is kind of worthless to you.
__________________
Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen Last edited by Dilbert1234567; 04-26-2006 at 01:42 PM.. |
|
|
|
04-26-2006, 12:50 PM
|
#3 (permalink) |
|
Darth Papa
Location: Yonder
|
I BELIEVE that the GET or POST request occurs inside the envelope of the encrypted communication. There's an initial HELO against the server that initiates encryption negotiations, and then continuing encrypted data against that address, but the details of your requests should be encrypted.
See http://www.xramp.com/resources/how-ssl-works. |
|
|
|
04-26-2006, 01:53 PM
|
#4 (permalink) |
|
Insane
|
You can always use a packet sniffer such as Network Chemistry's Packetyzer, to see exactly what happens when you try to connect to an HTTPS site. That will tell you for sure - look in the data portion of the packet - if you can't read your HTTPS packets, then it is encrypted.
__________________
"You looked at me as if I was eating runny eggs in slow motion." - Gord Downie of The Tragically Hip |
|
|
|
04-29-2006, 09:09 PM
|
#5 (permalink) |
|
Irresponsible
|
No, the page within the site is encrypted as well. HTTPS opens up an SSL connection first, then uses HTTP protocol inside SSL, so someone running a sniffer can only see that you're connected via SSL to the HTTPS port on blah.com. I am a network engineer
 Technicaly, you could be running anything over the HTTPS port, and the only indication that it's not HTTP is the times and amounts of data transfered.
__________________
I am Jack's signature. |
|
|
| Tags |
| question, ssl |
|
|
