Re: doughnuts on a fish hook

Magnus wrote:
> On Wednesday, August 27, 2003, at 08:47  AM, Paul Gear wrote:
>> Better than Daniel's recent suggestion, IMHO is the useNoSSLForPackages
>> option.  Point all of your servers at the same squid proxy, turn on the
>> use no SSL option, and all is well.
>> On that note, there's no good reason for packages to be downloaded via
>> SSL, since they're all GPG signed anyway.  Can we have
>> useNoSSLForPackages=1 made the default in the next version of RHL?
> Well except that you're passing authentication data in the clear.

What authentication data?  All of the account stuff goes across https as
normal - the No SSL is only used for the packages themselves.  Here's a
squid log of my most recent 'up2date -l' followed by 'up2date -u':

1062022929.581   1808 hostname TCP_MISS/200 3032 CONNECT
xmlrpc.rhn.redhat.com:443 - DIRECT/ -
1062022938.799    347 hostname TCP_MISS/200 24112 GET
- DIRECT/ application/binary
1062022939.710    159 hostname TCP_MISS/200 8027 GET
- DIRECT/ application/binary
1062022940.395    202 hostname TCP_MISS/200 4524 GET
- DIRECT/ application/octet-stream
1062022961.126   1399 hostname TCP_MISS/200 3032 CONNECT
xmlrpc.rhn.redhat.com:443 - DIRECT/ -
1062022992.711   4751 hostname TCP_MISS/200 162298 GET
- DIRECT/ application/octet-stream
1062023001.233   8241 hostname TCP_MISS/200 395911 GET
- DIRECT/ application/octet-stream

Nothing critical there in my book...
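
Added example, not part of the original post: one way to check a claim like this against a Squid access.log is to separate CONNECT tunnels (TLS, opaque to the proxy) from cleartext requests and flag any cleartext entry that looks like more than a package download. It assumes Squid's native log format; apart from xmlrpc.rhn.redhat.com:443, the hosts, paths, content-type allowlist and credential pattern are constructed for illustration.

```python
import re

# Squid native access.log fields:
# time elapsed client result/status bytes method URL ident hierarchy/peer content-type
FIELDS = ("ts", "elapsed", "client", "result", "size",
          "method", "url", "ident", "hier", "ctype")

# Constructed sample in the same format as the log in the post. Only
# xmlrpc.rhn.redhat.com:443 comes from the post; other hosts and paths are made up.
SAMPLE = """\
1062022929.581 1808 hostname TCP_MISS/200 3032 CONNECT xmlrpc.rhn.redhat.com:443 - DIRECT/192.0.2.10 -
1062022938.799 347 hostname TCP_MISS/200 24112 GET http://pkgs.example.invalid/repo/headers.info - DIRECT/192.0.2.20 application/binary
1062022992.711 4751 hostname TCP_MISS/200 162298 GET http://pkgs.example.invalid/repo/foo-1.0-1.i386.rpm - DIRECT/192.0.2.20 application/octet-stream
1062023010.002 120 hostname TCP_MISS/200 512 POST http://pkgs.example.invalid/login?password=constructed - DIRECT/192.0.2.20 text/xml
"""

# Assumptions: what counts as "just a package" and what looks like a credential.
PAYLOAD_TYPES = {"application/binary", "application/octet-stream"}
SENSITIVE = re.compile(
    r"(?i)[?&;](pass(word|wd)?|token|session(id)?|auth)=|^\w+://[^/\s@]+@")

def parse(text):
    """Yield one dict per well-formed access.log line; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))

def audit(text):
    """Split traffic into TLS tunnels and cleartext; flag risky cleartext."""
    tunnels, cleartext, findings = [], [], []
    for e in parse(text):
        if e["method"] == "CONNECT":   # proxy only sees host:port of the tunnel
            tunnels.append(e["url"])
            continue
        cleartext.append(e["url"])
        reasons = []
        if e["method"] != "GET":
            reasons.append("non-GET request sent without TLS")
        if SENSITIVE.search(e["url"]):
            reasons.append("credential-like data in URL")
        if e["ctype"] not in PAYLOAD_TYPES:
            reasons.append("unexpected content type " + e["ctype"])
        if reasons:
            findings.append((e["url"], reasons))
    return tunnels, cleartext, findings

if __name__ == "__main__":
    for url, reasons in audit(SAMPLE)[2]:
        print(url, "->", "; ".join(reasons))
```

Squid's strip_query_terms setting defaults to on, so query strings only reach the log when it is turned off. access.log also records no request headers or bodies, so this check covers only what the method, URL and content type reveal.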


