
Re: doughnuts on a fish hook



Magnus wrote:
> 
> On Wednesday, August 27, 2003, at 08:47  AM, Paul Gear wrote:
> 
>> Better than Daniel's recent suggestion, IMHO is the useNoSSLForPackages
>> option.  Point all of your servers at the same squid proxy, turn on the
>> use no SSL option, and all is well.
>>
>> On that note, there's no good reason for packages to be downloaded via
>> SSL, since they're all GPG signed anyway.  Can we have
>> useNoSSLForPackages=1 made the default in the next version of RHL?
> 
> 
> Well except that you're passing authentication data in the clear.

What authentication data?  All of the account stuff goes across https as
normal - the No SSL is only used for the packages themselves.  Here's a
squid log of my most recent 'up2date -l' followed by 'up2date -u':

1062022929.581   1808 hostname TCP_MISS/200 3032 CONNECT xmlrpc.rhn.redhat.com:443 - DIRECT/66.187.232.101 -
1062022938.799    347 hostname TCP_MISS/200 24112 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/listPackages/20030826081636 - DIRECT/66.187.232.101 application/binary
1062022939.710    159 hostname TCP_MISS/200 8027 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/getObsoletes/20030826081636 - DIRECT/66.187.232.101 application/binary
1062022940.395    202 hostname TCP_MISS/200 4524 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/getPackageHeader/pam_smb-1.1.6-9.9.i386.hdr - DIRECT/66.187.232.101 application/octet-stream
...
1062022961.126   1399 hostname TCP_MISS/200 3032 CONNECT xmlrpc.rhn.redhat.com:443 - DIRECT/66.187.232.101 -
1062022992.711   4751 hostname TCP_MISS/200 162298 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/getPackage/cdda2wav-2.0-11.9.1.i386.rpm - DIRECT/66.187.232.101 application/octet-stream
1062023001.233   8241 hostname TCP_MISS/200 395911 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/getPackage/cdrecord-2.0-11.9.1.i386.rpm - DIRECT/66.187.232.101 application/octet-stream

Nothing critical there in my book...

-- 
Paul
http://paulgear.webhop.net

Attachment: pgp00029.pgp
Description: PGP signature
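
The check made by eye on the squid log above, as an added example that is not part of the original message: it splits each access.log line into tunnelled (CONNECT) and plaintext requests and flags any plaintext URL that is not one of the package calls seen in the log. The allowlist, the function names and the final sample entry are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid native access.log format, modelled on the log
# quoted in the message; the last entry is invented to show a flagged request.
SAMPLE = """\
1062022929.581   1808 hostname TCP_MISS/200 3032 CONNECT xmlrpc.rhn.redhat.com:443 - DIRECT/66.187.232.101 -
1062022938.799    347 hostname TCP_MISS/200 24112 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/listPackages/20030826081636 - DIRECT/66.187.232.101 application/binary
1062022940.395    202 hostname TCP_MISS/200 4524 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/getPackageHeader/pam_smb-1.1.6-9.9.i386.hdr - DIRECT/66.187.232.101 application/octet-stream
...
1062022961.126   1399 hostname TCP_MISS/200 3032 CONNECT xmlrpc.rhn.redhat.com:443 - DIRECT/66.187.232.101 -
1062022992.711   4751 hostname TCP_MISS/200 162298 GET http://xmlrpc.rhn.redhat.com/XMLRPC/$RHN/redhat-linux-i386-9/getPackage/cdda2wav-2.0-11.9.1.i386.rpm - DIRECT/66.187.232.101 application/octet-stream
1062023005.000    120 hostname TCP_MISS/200 512 GET http://example.invalid/account?user=alice - DIRECT/192.0.2.10 text/html
"""

# Assumption: these call names, taken from the URLs in the log, are the only
# ones expected over plain HTTP when useNoSSLForPackages is enabled.
PACKAGE_CALLS = {"listPackages", "getObsoletes", "getPackageHeader", "getPackage"}

def classify(line):
    """Return (category, detail) for one access.log line, or None if unparseable."""
    fields = line.split()
    if len(fields) != 10:
        return None                      # truncated or elided line such as "..."
    method, url = fields[5], fields[6]
    if method == "CONNECT":
        return ("tunnel", url)           # opaque to the proxy: host:port only
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    call = segments[-2] if len(segments) >= 2 else ""
    if parts.scheme == "http" and call in PACKAGE_CALLS and not parts.query:
        return ("cleartext-package", call)
    return ("cleartext-other", url)      # anything else in the clear gets reviewed

def audit(log_text):
    """Count requests per category and collect cleartext URLs outside the allowlist."""
    counts, flagged = {}, []
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        counts[result[0]] = counts.get(result[0], 0) + 1
        if result[0] == "cleartext-other":
            flagged.append(result[1])
    return counts, flagged

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The native access.log format records the request line but not request headers, so this check covers URLs only and says nothing about what headers accompany the plaintext GETs.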

