SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000749: http proxy and ssl - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000749Endian FirewallOther Servicespublic2008-05-03 12:012010-09-24 09:27
schwable 
 
normalfeaturealways
acknowledgedopen 
2.2-beta4 
 
0000749: http proxy and ssl
Is there any chance that the http-proxy scans https ? (I know not havp). Because Gibraltar and Gateprotect can scan https.
It´s a great security risk
No tags attached.
has duplicate 0001169acknowledged  Web proxy antivirus not work on SSL https protocol 
Issue History
2008-05-03 12:01schwableNew Issue
2008-05-05 13:21clubbing80sNote Added: 0001115
2008-05-05 15:55schwableNote Added: 0001117
2008-05-05 16:56peter-endianNote Added: 0001118
2008-05-05 17:34schwableNote Added: 0001120
2008-05-14 13:52simon-endianStatusnew => feedback
2008-05-14 16:24schwableNote Added: 0001169
2009-10-21 16:40peter-endianRelationship addedhas duplicate 0001169
2010-09-24 09:27peter-endianStatusfeedback => acknowledged

Notes
(0001115)
clubbing80s   
2008-05-05 13:21   
In what context is do you consider it a threat .. As the decrupting of ssl data exposes secure information. Or viruses etc can get by via ssl ?
(0001117)
schwable   
2008-05-05 15:55   
About viruses
(0001118)
peter-endian   
2008-05-05 16:56   
decrypting the ssl tunnel on the firewall in fact is a man in the middle attack, since the firewall needs to accept every server certificate, without showing or asking the user.

Doing this enables everyone to do also a man in the middle attack without the possibility to recognize it by either end.

I think having the possibility to do a man in the middle attack is a much higher security risk.
(0001120)
schwable   
2008-05-05 17:34   
when you surf in the internet there are many sites, they have https-sites but with self designed certifacates. They can easily import a virus in their sites. Look at https://secure.eicar.org/eicar.com [^]
(0001169)
schwable   
2008-05-14 16:24   
when everybody program a switch todo allow accept every certificate and its scanned for virus ?