2015-03-21 - Re: [GRASE-Hotspot] SSL Problem

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 4e30e91fe02eefbaea41fadd44d659e6ef70889d517315530ed34dcdc95cd59c
Message ID: <CAESLx0JjQOLgb0abMsCbWUgAYZ-JeqHjd2k_netj9WmeRbkESA@mail.gmail.com>
Reply To: <2a68dc14-0d10-4954-920f-2c273f2a27b8@grasehotspot.org>
UTC Datetime: 2015-03-21 19:27:50 UTC
Raw Date: Sun, 22 Mar 2015 12:27:50 +1000

Raw message

Hi Domingo

Even purchasing a SSL certificate won't work. To do the redirect, you need
to be able to pretend to be the secure site. For example, they goto
https://facebook.com. The hotspot needs to pretend to be facebook.com, with
a SSL certificate that matches. You can't just buy a certificate to do that.

Regards

Tim

On Sat, Mar 21, 2015 at 2:04 AM, Domingo Gómez <do***s@gmail.com>
wrote:

>
> tim thanks for answering so soon.
> I guess if I buy a ssl certificate would solve the problem, but it would
> take an additional cost.
> El viernes, 20 de marzo de 2015, 1:33:55 (UTC-4), timwhite88 escribió:
>>
>> Hi Domingo
>>
>> Due to the way SSL works, it's impossible for us to redirect HTTPS sites.
>> The only way to do HTTPS redirection is by getting your clients to install
>> a SSL CA certificate on their computer that says you are an authoritative
>> CA, and to allow you to "Man In The Middle" their connections. This breaks
>> SSL (as it's no longer secure) and so I will not write the feature in. It
>> is an unfortunate downside to SSL, but security over convenience is much
>> better.
>>
>> You'll find on mobile devices, this isn't an issue as the mobile device
>> will detect the hotspot and prompt for login. Some desktop OS's can now do
>> this as well.
>>
>> Regards
>>
>> Tim
>>
>> On Fri, Mar 20, 2015 at 2:53 PM, Domingo Gómez <do***.@gmail.com>
>> wrote:
>>
>>> Hello. I am completely new to this. Grase Hotpot is the first program of
>>> its kind to install.
>>> I know one thing.
>>> Why grase not redirect pages with https: // for example
>>> https://facebook.com
>>>
>>> Thanks in advance to all members and especially the creator of this
>>> wonderful implementation.
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***.@grasehotspot.org.
>>> To post to this group, send email to gr***.@grasehotspot.org.
>>> Visit this group at http://groups.google.com/a/
>>> grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit https://groups.google.com/a/
>>> grasehotspot.org/d/msgid/grase-hotspot/cd90a7a6-dafd-
>>> 4368-836b-fed2ef2e8205%40grasehotspot.org
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/cd90a7a6-dafd-4368-836b-fed2ef2e8205%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>  --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> http://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/2a68dc14-0d10-4954-920f-2c273f2a27b8%40grasehotspot.org
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/2a68dc14-0d10-4954-920f-2c273f2a27b8%40grasehotspot.org?utm_medium=email&utm_source=footer>
> .
>

Thread