Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

5.3.1 Unauthorized Client Connecting to an SSTP Server

In this scenario, an unauthorized attacker poses as a valid SSTP client and tries to connect to a valid SSTP server. The HTTPS connection goes through because the server does not authenticate the client at the SSL/TLS layer. The connection MUST be terminated by the SSTP server at the PPP layer after determining that the client has no proper user credentials. For more information, see [RFC1661].


Figure 9: Unauthorized client connecting to an SSTP server

© 2015 Microsoft