Eclipse Plugin and SSL/TLS with the internal server
73 views
Skip to first unread message
Mike
Jan 9, 2013, 9:31:20 PM1/9/13
to google-we...@googlegroups.com
Hi,
I enabled SSL on the internal server by using -server :ssl. I am able to connect to the server via https in dev mode. I allowed the browser to accept the certificate sent. I was expecting to see encrypted packets, but everything is in the clear. Am I misunderstanding how the internal server is implementing SSL?
I enabled SSL on the internal server by using -server :ssl. I am able to connect to the server via https in dev mode. I allowed the browser to accept the certificate sent. I was expecting to see encrypted packets, but everything is in the clear. Am I misunderstanding how the internal server is implementing SSL?
Thomas Broyer
Jan 10, 2013, 5:33:08 AM1/10/13
to google-we...@googlegroups.com
What do you mean by "everything is in the clear"? How did you look at the "packets"?
Mike
Jan 10, 2013, 10:59:47 AM1/10/13
to google-we...@googlegroups.com
I used wireshark to examine the packets. All the packet exchanges were TCP and the payloads were clearly readable. There was not handshake and no encrypted packets.
Thomas Broyer
Jan 10, 2013, 11:24:27 AM1/10/13
to google-we...@googlegroups.com
On Thursday, January 10, 2013 4:59:47 PM UTC+1, Mike wrote:
I used wireshark to examine the packets. All the packet exchanges were TCP and the payloads were clearly readable. There was not handshake and no encrypted packets.
I'd swear it worked OK for me (used tcmdump and wireshark); and if your browser tells you it's over HTTPS (even with a weak certificate), then I wouldn't contradict it.
kim young ill
Jan 10, 2013, 6:00:45 PM1/10/13
to google-we...@googlegroups.com
are u sure the wireshark catch the right channel/device ?
try with openssl to localhost to see if the connection is ssl or not sth like:
openssl s_client -connect host:port--To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/lqut1PoPgIEJ.
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Mike
Jan 11, 2013, 3:41:13 PM1/11/13
to google-we...@googlegroups.com, khi...@googlemail.com
Thomas and Kim,
Thanks for your thought and suggestions. It is indeed working as designed I believe. What confused me is I saw the ID and password in the packet flows for the Code Server. I think that makes sense when running in dev mode. If I examine the only the packets for the built-in server, then indeed they are encrypted.
I also validated by running against a tomcat v6 server with SSL enabled.
Again, your assistance is very much appreciated.
Mike
Thanks for your thought and suggestions. It is indeed working as designed I believe. What confused me is I saw the ID and password in the packet flows for the Code Server. I think that makes sense when running in dev mode. If I examine the only the packets for the built-in server, then indeed they are encrypted.
I also validated by running against a tomcat v6 server with SSL enabled.
Again, your assistance is very much appreciated.
Mike
Reply all
Reply to author
Forward
0 new messages