[Privoxy-devel] HTTPS filtering in Privoxy
Lee
ler762 at gmail.com
Thu May 18 16:24:24 UTC 2017
On 5/18/17, Fabian Keil <fk at fabiankeil.de> wrote:
> Fabian Keil <fk at fabiankeil.de> wrote:
>
>> Vašek Švec <va.svec at gmail.com> wrote:
>>
>> > file with patches (git format-patch) is in attachment. I hereby release
>> > this code under the GNU GPLv2 or later.
>>
>> Thanks a lot for the patch.
>>
>> Unfortunately Mailman stripped it <.. snip ..>
>
> In the meantime the patch is available at:
> https://www.fabiankeil.de/tmp/privoxy-tls-ssl-changes-by-Vaclav-Svec.diff

Very cool! You've seen these - right?
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
https://www.us-cert.gov/ncas/alerts/TA17-075A

Do you address any of the concerns raised? I'm especially interested in

    Many HTTPS security features expect connections to be end-to-end by
    mixing the HTTP and TLS layers, and by implementing HTTPS features in
    browser code rather than in TLS libraries. For example, to overcome
    weaknesses in existing revocation protocols, Firefox ships with
    OneCRL [43] and Chrome, CRLSets [24]. Both of these solutions increase
    browser security in the typical end-to-end case. However, these
    solutions provide no protection in the presence of a TLS proxy and
    because the solution is not part of the TLS protocol itself, TLS
    libraries do not implement these safe revocation checks.

Regards,
Lee