Search squid archive

Re: ssl port 443

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 >
> I have been toying with the idea of making Squid a "man-in-the-middle"
> https proxy, decrypting the requests and encrypting them again in a new
> SSL session. But haven't found sufficient motivation to implement this
> yet..
>
> This obviously pretty much nullifies the end-to-end security of SSL
> transactions as they have to fully trust the proxy as an CA, but there
> is many environments where this isn't an issue and it's more important
> to be able to filter and inspect the https traffic.
>
>

  - Inspecting HTTPS is an ever increasing issue, in today's internet, because
viruses e.d. can't be seen in encrypted streams.
Bluecoat proxies offer this possibility too, as a man-in-the-middle decrypter
and encrypter.

My bank , however, provides me with a ssl based key, with strong
encryption, for accessing it's web-banking application.

I'd be very ware however, to let this happen, via in-between-decrypting-
encrypting ssl proxies; yet allone that in this case this won't be possible
because the remote CA, will wan't to see my certificate and none-other.

Even without,  I'd be wary, see-ing Hendrik with pina-colada in the
Bahama's on what was eventually, my now, empty bank account ... :-) :-)

M.


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux