Port 443 blocking issue for https

Hello,

I have set up a web application that uses SSL encryption. My understanding is that this results in it connecting via port 443 to clients' browsers. One specific firm that wants to use the application has a firewall (I think for the purposes of content screening as well as security). It apparently will not allow the encrypted data to pass through. How can I keep the encryption, but allow my customer to access it? Should there be an exception list on their firewall software?

Thanks, Gary

garygeorge

A follow-on question... Should the firm's firewall software be able to allow the URL of the web application to be an exception from the normal filtering?

Thanks, Gary

garygeorge

Sorry, I was not trying to sound sneaky. This would be an application that they want to have and I am sure they would be willing to make changes to accommodate it. I just need to better understand what to recommend to them. I believe the issue is that they have a content filter checking for words, images, etc. Since the data I would be sending is encrypted, it cannot check it and thus does not let it pass through. Can the administrator unblock 443 for just one site and what would the impact be? I would just like to have some background before I speak to an administrator.

Thanks!

garygeorge

If the company is blocking 443 then there is a reason. You've not specified if this is an application that the company has asked for or if it's something that a user inside the company, without the company's permission, wants to use.

Most firewall rules allow outbound 443 traffic to the net, but they filter inbound 443.

If they are filtering outbound 443 traffic then only the firewall administrator can unblock 443 for your site.

Leythos

If they are filtering 443, then it's a site exception type filtering as the firewall most likely can't determine what's in the SSL session, so, either they've disabled outbound SSL or they block outbound SSL using an approved/disapproved list, or they don't block outbound SSL at all.

Unblocking a single site for SSL is as dangerous as unblocking that site for any reason - there is nothing stopping you from passing anything over the SSL port to the inside users - this means you could pass infected files, p*rn, attack instructions, etc. Unless there is a STRONG "BUSINESS" reason for them to use your service I suspect that they won't.

I would not unblock it based on what you've already said here.

Leythos
