SSL Question - Tilted Forum Project Discussion Community

Stompy · 04-26-2006, 11:50 AM

I think I already know the answer to this, but just double checking...

Say I went to https://blah.com/page.html...

You'd be able to see that I'm connected to blah.com, obviously the content itself is encrypted, but would you be able to tell that I'm viewing page.html?

(I'm assuming no, but ya never know..)

Dilbert1234567 · 04-26-2006, 12:40 PM

in IE there is a small lock that apears locked in the lower right corner of the window. in firefox its the same location but it list the webpage that the key was issued to.

check https://www.wellsfargo.com/

... actually your question was actually much more complicated then I thought. Sorry my response is kind of worthless to you.

ratbastid · 04-26-2006, 12:50 PM

I BELIEVE that the GET or POST request occurs inside the envelope of the encrypted communication. There's an initial HELO against the server that initiates encryption negotiations, and then continuing encrypted data against that address, but the details of your requests should be encrypted.

See http://www.xramp.com/resources/how-ssl-works.

trache · 04-26-2006, 01:53 PM

You can always use a packet sniffer such as Network Chemistry's Packetyzer, to see exactly what happens when you try to connect to an HTTPS site. That will tell you for sure - look in the data portion of the packet - if you can't read your HTTPS packets, then it is encrypted.

yotta · 04-29-2006, 09:09 PM

No, the page within the site is encrypted as well. HTTPS opens up an SSL connection first, then uses HTTP protocol inside SSL, so someone running a sniffer can only see that you're connected via SSL to the HTTPS port on blah.com. I am a network engineer

Technicaly, you could be running anything over the HTTPS port, and the only indication that it's not HTTP is the times and amounts of data transfered.

04-26-2006, 11:50 AM	#1 (permalink)
Stompy Banned from being Banned Location: Donkey	SSL Question I think I already know the answer to this, but just double checking... Say I went to https://blah.com/page.html... You'd be able to see that I'm connected to blah.com, obviously the content itself is encrypted, but would you be able to tell that I'm viewing page.html? (I'm assuming no, but ya never know..) __________________ I love lamp.

04-26-2006, 12:40 PM	#2 (permalink)
Dilbert1234567 Devils Cabana Boy Location: Central Coast CA	in IE there is a small lock that apears locked in the lower right corner of the window. in firefox its the same location but it list the webpage that the key was issued to. check https://www.wellsfargo.com/ ... actually your question was actually much more complicated then I thought. Sorry my response is kind of worthless to you. __________________ Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen Last edited by Dilbert1234567; 04-26-2006 at 01:42 PM..

04-26-2006, 01:53 PM	#4 (permalink)
trache Insane	You can always use a packet sniffer such as Network Chemistry's Packetyzer, to see exactly what happens when you try to connect to an HTTPS site. That will tell you for sure - look in the data portion of the packet - if you can't read your HTTPS packets, then it is encrypted. __________________ "You looked at me as if I was eating runny eggs in slow motion." - Gord Downie of The Tragically Hip

04-29-2006, 09:09 PM	#5 (permalink)
yotta Irresponsible	No, the page within the site is encrypted as well. HTTPS opens up an SSL connection first, then uses HTTP protocol inside SSL, so someone running a sniffer can only see that you're connected via SSL to the HTTPS port on blah.com. I am a network engineer Technicaly, you could be running anything over the HTTPS port, and the only indication that it's not HTTP is the times and amounts of data transfered. __________________ I am Jack's signature.

04-26-2006, 12:50 PM	#3 (permalink)
ratbastid Darth Papa Location: Yonder	I BELIEVE that the GET or POST request occurs inside the envelope of the encrypted communication. There's an initial HELO against the server that initiates encryption negotiations, and then continuing encrypted data against that address, but the details of your requests should be encrypted. See http://www.xramp.com/resources/how-ssl-works.