From owner-freebsd-security Sun Jul 29 0:56:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailout00.sul.t-online.de (mailout00.sul.t-online.com [194.25.134.16]) by hub.freebsd.org (Postfix) with ESMTP id 13A5E37B401 for ; Sun, 29 Jul 2001 00:56:48 -0700 (PDT) (envelope-from haribeau@gmx.de) Received: from fwd00.sul.t-online.de by mailout00.sul.t-online.de with smtp id 15QlRP-0002D2-00; Sun, 29 Jul 2001 09:56:47 +0200 Received: from asterix.local (320080844193-0001@[217.80.84.89]) by fmrl00.sul.t-online.com with smtp id 15QlRO-0vjRcuC; Sun, 29 Jul 2001 09:56:46 +0200 Received: (qmail 414 invoked from network); 29 Jul 2001 07:56:45 -0000 Received: from homer.local (HELO homer.local.nlocal) (192.168.1.50) by 0 with SMTP; 29 Jul 2001 07:56:45 -0000 Received: (nullmailer pid 1134 invoked by uid 1100); Sun, 29 Jul 2001 07:56:45 -0000 Date: Sun, 29 Jul 2001 09:56:45 +0200 From: Clemens Hermann To: FreeBSD security ML Subject: proxy recommendation Message-ID: <20010729095645.A1048@homer.local> Mail-Followup-To: Clemens Hermann , FreeBSD security ML Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Mailer: Mutt 1.2.5i (FreeBSD 4.3-RELEASE i386) Organization: Linuxlupe InternetSolutions X-Sender: 320080844193-0001@t-dialin.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, to build an application Gateway I am looking for proxys for the following services: - http - https - smtp - pop3 (if exists, pop3 via ssl) - ftp - dns I have found some tools (especially tis which has only some of the proxys I am looking for) but I am not sure which one to take and would appreciate a hint a lot. The far most important issue is security and not performance. Second: There is one thing I do not understand: Commercial proxys offer https/pop3 via ssl etc. How does this work together with the end to end conection of ssl? How can the proxy be able to interfere these "secure" connections? It does not have the ssl certificate and can not pretend to be the ssl-server to the client application so - how is the proxying done? can one do all the scanning on the proxy that you can do with non-encryptet connection (e.g http compared to https)? thanks for any hint /ch -- "Contrary to popular belief, Unix is user friendly. It just happens to be selective about who it makes friends with." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message