[4832] in WWW Security List Archive
Re: Netscape-Enterprise/2.01 https SLOOOOWW
daemon@ATHENA.MIT.EDU (Randy Fischer)
Mon Mar 17 03:39:25 1997
From: Randy Fischer <fischer@ucet.ufl.edu>
Date: Sun, 16 Mar 1997 20:06:36 -0500
To: fischer@ucet.ufl.edu, mbrennen@fni.com
Cc: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> It's called 'encryption'.
Thanks Michael. No, seriously, I didn't give enough
details: I'm using javascript/livewire and various
mechanisms for preserving state; it appears that
a recent switch from server-maintained cookies
to client-side cookies caused this big jump in
https lossage that wasn't apparent when running
the same method using the plain old http. Some
sort of serialization going on for pages with
a few images. I managed to instrument the http
stream using a modification of Randall Schwartz's
anonymizing proxy (recent issue of Web Techniques),
but haven't managed to get a proxy for the
https version -- I'm just starting to play with
SSLeay to get a window on what's happening, exactly.
If there's anyone who's already done this, I'd
appreciate any hints. Now where is that https
spec...
Randy Fischer
