Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy

From: f.c.w.donck () SIEP SHELL COM (Fred Donck)
Date: Mon, 20 Jul 1998 21:37:21 +0200

This is a multi-part message in MIME format.
--------------E5DDC0B8E9C6864BE87CCF5E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

All,

See attached from the squid-users mailing-list


-- Fred
--------------E5DDC0B8E9C6864BE87CCF5E
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from ksopenml.ksepl.shell.nl by swwrij.ksepl.shell.nl (8.8.7/8.8.7-Fred.Donck/EPT-IS) id RAA16224; Mon, 20 
Jul 1998 17:11:18 +0200 (MET DST)
Received: from shell.nl by ksopenml.ksepl.shell.nl with ESMTP
        (1.40.112.12/16.2) id AA152267477; Mon, 20 Jul 1998 17:11:17 +0200
Received: by shell.nl; id RAA05696; Mon, 20 Jul 1998 17:11:16 +0200 (METDST)
Received: from ack.ucar.edu(192.52.106.29) by charon-1.shell.nl via smap (3.2)
        id xma005585; Mon, 20 Jul 98 17:10:41 +0200
Received: (from slist@localhost)
        by ircache.net (8.8.6/8.8.6) id IAA02926
        for fred () siep shell com; Mon, 20 Jul 1998 08:10:40 -0700 (PDT)
Resent-Date: Mon, 20 Jul 1998 08:10:40 -0700 (PDT)
Date: Mon, 20 Jul 1998 10:09:38 -0500
Message-Id: <199807201509.KAA26183 () jello csc ti com>
From: Joe Ramey <ramey () csc ti com>
To: hno () hem passagen se
Cc: squid-users () ircache net
In-Reply-To: <35AFCEB9.9E4500A () hem passagen se> (message from Henrik Nordstrom
        on Sat, 18 Jul 1998 00:22:49 +0200)
Subject: Re: Security warning: Netscape 4.0x https & Squid 1.2beta proxy
Reply-To: ramey () csc ti com
References:  <35AFCEB9.9E4500A () hem passagen se>
Resent-Message-Id: <"807OuD.A.5j.Z31s1"@ack.ircache.net>
Resent-From: squid-users () ircache net
X-Mailing-List: <squid-users () ircache net> archive/latest/852
X-Loop: squid-users () ircache net
Precedence: list
Resent-Sender: squid-users-request () ircache net
X-Mozilla-Status2: 00000000

   Date: Sat, 18 Jul 1998 00:22:49 +0200
   Content-Type: text/plain; charset=iso-8859-1
   From: Henrik Nordstrom <hno () hem passagen se>
   Sender: hno () hem passagen se
   X-MIME-Autoconverted: from quoted-printable to 8bit by ircache.net id PAA06782
   Resent-From: squid-users () ircache net
   X-Mailing-List: <squid-users () ircache net> archive/latest/793
   X-Loop: squid-users () ircache net
   Precedence: list
   Resent-Sender: squid-users-request () ircache net

   If you are using Squid 1.2beta and Netscape 4.x then you MUST use
   different server names for your HTTP and Security (SSL) proxy. This
   is due to a bug in Netscape4.0x that may cause https requests to be
   sent in plain text to a Squid 1.2beta proxy server.

FWIW, this bug is still present in the latest Netscape beta, 4.5 PR1.
I reported this bug to them several months ago.  Guess it's time to
report it again.

Joe


--------------E5DDC0B8E9C6864BE87CCF5E--
Previous By Date Next
Previous By Thread Next

Current thread: