Re: VNC client/server combo doing VNC over HTTP

[Hal Vaughan <hal@thresholddigital.com>]

On Monday 13 March 2006 11:42, anoop aryal wrote:
...
> > Again thanks a lot for the suggestion, I'll try this too -- but I
> > have a possibly stupid question. What protocol will the gateway of
> > my corporate WAN think it is being asked to handle in this case? I
> > don't think it will allow any connections going out on VNC
> > protocol, regardless of the port number in use. HTTP / HTTPS is
> > fine, not a lot else is...
>
> <austin_powers:dr_evil>
> 	muhahaha...
> </austin_powers:dr_evil>
>
> <simpsons:burns>
> 	HTTPS, eh? excellent.
> </simpsons:burns>
>
> try running ssh on port 443 at home and then try ssh-ing from work.
> the nice thing about HTTPS is that it's not a TLS type thing where
> you start off unencrypted and then do an encryption handshake.
> therefore, there shouldn't be *any* unencrypted data flowing back and
> fourth that the firewall can look at. the encrypted exchange is
> designed to stop man-in-the-middle. that takes the firewall out of
> the picture since it has nothing in the data flow that it can look at
> and go, "yes, it is indeed HTTPS". it's just relying on the port
> being 443. so any protocol should work as long as the port is 443.

Thanks for the info on TLS, since I didn't know any of that.  So 
basically, any info on port 443 that looks encrypted should get by, 
right?  I didn't realize that and it will make it a lot simpler.  The 
only trouble with ssh is that it requires cygwin, and I need to make 
this as small a footprint as possible.  It seems like almost all cool 
tools on Windows need cygwin!

Hal