RE: Mandatory encryption

-----Original Message-----
From: Willy Tarreau [] 
Sent: Thursday, July 19, 2012 3:32 PM
To: Anil Sharma
Cc: Roberto Peon; Paul Hoffman; Phillip Hallam-Baker;;; Mike Belshe
Subject: Re: Mandatory encryption

On Thu, Jul 19, 2012 at 09:55:54AM +0000, Anil Sharma wrote:
> " in HTTP they always force safesearch to on in outgoing
> requests so that they rely on google's ability to filter out unsuitable
> contents. In HTTPS they obviously can't do this so google images then
> becomes a single-handed browsing tool."
> Didn't understand this point? From compute server point of view (which is providing you search results) it shouldn't matter whether transport used was secure or not?
> Did I miss something?

When the request is sent in clear text, the proxy modifies it to force
"safesearch=on" in the requests so that Google refrains from returning
-----------------------------> Why can't TLS proxy do it ( anyways I thought the browser or the user decides it but even if lets its company policy and proxy does it for all the request)   Just trying to understand......

unsuitable contents. In https, it obviously cannot force that on the
users' request so the user has complete access to the whole internet
cached in "google images". There are places where this type of access
is not accepted at all so google is not in the SSL whitelist.


Received on Thursday, 19 July 2012 10:19:08 UTC