Нерасшифровываемые SSL-хосты
English translation: Non-decrypted SSL hosts
| GLOSSARY ENTRY (DERIVED FROM QUESTION BELOW) | ||||||
|---|---|---|---|---|---|---|
|
| 20:44 Feb 25, 2018 |
| Russian to English translations [PRO] Tech/Engineering - IT (Information Technology) / Information Security / DL | |||||||
|---|---|---|---|---|---|---|---|
|
| ||||||
|  Selected response from: Vladyslav Golovaty Ukraine Local time: 12:51 | ||||||
Grading comment
| |||||||
| Summary of answers provided | ||||
|---|---|---|---|---|
| 3 +2 | Non-decryptable SSL hosts |
| ||
| 3 | encrypted SSL host headers/names |
|
| Discussion entries: 3 | |
|---|---|
Answers
5 hrs confidence: 
encrypted SSL host headers/names Explanation: How SNI Changed the Concept of Hosting HTTPS Web Sites? – Support Engineer Days Online https://blogs.msdn.microsoft.com/omnia/2012/11/10/how-sni-ch... == BEGIN QUOTE == The only two options to host multiple SSL sites on IIS: 1) Assign different IP addresses to different web sites. In that case you can assign different certificates to the different web sites because IIS can separate the web sites to serve for requests using the requested site’s IP address. 2) Use SAN or Wildcard certificate to host multiple web sites on same IP address and port (e.g.:443) then you need to use SSL Host Headers to separate multiple web sites. For SAN Certificate we would add multiple host names (Domains) or subdomains like Contoso.com, DagHc1,DagHc1.Contoso.com <...> If you are using the same IP address and the same port (e.g.: 443) then when the request arrives to IIS, it cannot understand which site is requested because the requested host name is also encrypted in SSL session. So, IIS first needs to decrypt the request to have the host name, then it can identify the correct web site because it would have the requested host name. In other words, IIS understands which site to be served after decrypting the request with SSL and then is able to send the request to the correct web site. This means that when the request comes to the web server, as IIS do not know which site to serve, IIS cannot verify which SSL certificate to decrypt the request so there is a need to have just one certificate for decryption process with only one IP address and same port. == END QUOTE == Run Multiple Websites On The Same IP Address And Port Even Over SSL - Steve Fenton https://www.stevefenton.co.uk/2011/06/run-multiple-websites-... == BEGIN QUOTE == Once you have run this for each web site, you should run an IIS Reset and make sure that all of your web sites have started. If you have forgotten one of the steps listed in this article, one of your web sites will refuse to start with a message about not being able to write a file that already exists. What this process changes is that it allows IIS to decrypt the host-header using the shared certificate before it decides which web site can service the request. With the decrypted host header, IIS can route the request to the correct web site. == END QUOTE == Please beware, it’s mostly a wild guess. -------------------------------------------------- Note added at 5 hrs (2018-02-26 02:02:47 GMT) -------------------------------------------------- I believe that in this case нерасшифровываемые means that host names stay encrypted but doesn’t mean that they cannot be decrypted. More context would certainly help. -------------------------------------------------- Note added at 20 hrs (2018-02-26 17:04:54 GMT) -------------------------------------------------- Another option: SSL hosts [whose traffic is] excluded from decryption The problem is you probably have to fit the translation into a limited space, so I enclosed part of the text in brackets. Here’s an example: Exclude domains from inspection of HTTPS traffic http://help.stonesoft.com/onlinehelp/StoneGate/SMC/6.4.0/GUI... == BEGIN QUOTE == The HTTPS Inspection Exceptions element is a list of domains that are excluded from decryption and inspection. About this task HTTPS Inspection Exceptions are used in a custom HTTPS service to define a list of domains for which HTTPS traffic is not decrypted. The custom HTTPS service must be used in a rule, and only traffic that matches the rule is excluded from decryption and inspection. HTTPS Inspection Exceptions are primarily intended for backwards compatibility. == END QUOTE == |
| ||
Notes to answerer
| |||
| Login to enter a peer comment (or grade) | |||
2 mins confidence: peer agreement (net): +2
peer agreement (net): +2Non-decryptable SSL hosts Explanation: https://serverfault.com/questions/788127/configure-squid-to-... -------------------------------------------------- Note added at 3 mins (2018-02-25 20:48:39 GMT) -------------------------------------------------- Squid-3.5 can do that with the "ssl_bump splice" action if the traffic actually is TLS but not decryptable ... -------------------------------------------------- Note added at 6 days (2018-03-04 16:18:59 GMT) Post-grading -------------------------------------------------- Thank you so much! |
| |
Login or register (free and only takes a few minutes) to participate in this question. You will also have access to many other tools and opportunities designed for those who have language-related jobs (or are passionate about them). Participation is free and the site has a strict confidentiality policy. KudoZ™ translation helpThe KudoZ network provides a framework for translators and others to assist each other with translations or explanations of terms and short phrases.
See also: Search millions of term translations | ||
