Https Scan Settings - NETGEAR STM150 Appliance Reference Manual

ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual

HTTPS Scan Settings

HTTPS traffic is encrypted traffic that cannot be scanned otherwise the data stream would not be
secure. However, the STM can scan HTTPS traffic that is transmitted through an HTTP proxy, that
is, HTTPS traffic is scanned as a proxy between the HTTPS client and the HTTPS server.
Figure 4-15 shows the HTTPS scanning traffic flow.
Figure 4-15
The HTTPS scanning process functions with the following principles:
• The STM breaks up an SSL connection between an HTTPS server and an HTTP client in two
parts:
– A connection between the HTTPS client and the STM.
– A connection between the STM and the HTTPS server.
• The STM simulates the HTTPS server communication to the HTTPS client, including the SSL
negotiation, certificate exchange, and certificate authentication. In effect, the STM functions
as the HTTPS server for the HTTPS client.
• The STM simulates the HTTPS client communication to the HTTPS server, including the SSL
negotiation, certificate exchange, and certificate authentication. In effect, the STM functions
as the HTTPS client for the HTTPS server.
During SSL authentication, the HTTPS client authenticates three items:
• Is the certificate trusted?
• Has the certificate expired?
• Does the name on the certificate match that of the Web site?
4-38 Content Filtering and Optimizing Scans
v1.0, September 2009