.. meta::
  :navigation.name: SSL Gateway

SSL Gateway
===========

Warning
-------
The SSL gateway is still considered in development, so use with care.


Introduction
------------

An SSL gateway enables filtering of https traffic by spawning an SSL
server on the local host (port 8443 per default) through which all
secure traffic is routed.


Security
--------

An SSL gateway has the disadvantage of having to fake the SSL certificate
from the original server and replace it with our own certificate, which
uses the owner name "WebCleaner Server".
Your browser will issue a warning that this certificate is not the
original one your requested.
So in order to not weaken your secure web surfing experience, make sure
you have set up the WebCleaner SSL gateway yourself and configure it
to not allow administration of another person except yourself.


Data flux
---------

::

                        DOWN			UP
 ________________________________________________________________________

  WWW BROWSER
	|
	|
  WEBCLEANER PROXY (localhost:8080)
	|
     HttpClient         init server, filter	pass data back to
	|		request data and pass	browser
        |		it to HttpServer
	|
     ClientServerMatchmaker
	|
     HttpServer		make connection to	receive filtered data,
     	|		localhost on ssl port	pass it on to HttpClient
	|		and pass request data
	|
  WEBCLEANER SSL SERVER (localhost:8443)
	|
     SslClient		init server and ssl	pass data back to
        |               handshake; filter	HttpsServer
    	|		request data and pass
        |		it to SslServer
        |
     ClientServerMatchmaker
	|
     SslServer		connect to remote ssl	filter data, pass it to
	|		server, make (SSL)	SslClient
        |               request
  REMOTE SSL SERVER

