>> I am only looking to inspect each SSL connection
>> for the purposes of determining if the traffic
>> should be allowed, i.e. non-malicious (not chat,
>> file-transfer, etc).

> I have plans to get something very basic into
> squid-2 to support transparently proxying SSL
> connections

I think what we really need is just the much simpler blacklist/whitelist capability. If we can transparently intercept, and give a thumbs-up/thumbs-down to every destination IP address (perhaps after doing a reverse DNS lookup on it), that's all we need.

In my experience, fingerprinting the type of traffic turns out to not be very useful ... after all the difficulty of implementing it. Why?

1) There's "legitimate" traffic on 443 that's not web traffic (for example LogMeIn or SSH). Forbidding everything that's non-web is just shooting yourself in the foot.

2) A big problem is https: proxies, as they're real easy to use and will completely bypass all filters. But they _do_ look like web traffic, so they couldn't be forbidden by reasonable fingerprinting.

-Chuck Kollars
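The per-destination thumbs-up/thumbs-down decision Chuck describes, as an added example that is not from this thread or from Squid itself: a Python helper speaking Squid's external ACL protocol (one destination per line on stdin, "OK" or "ERR" per line on stdout) that checks the intercepted destination address against a constructed deny list and, as he suggests, a reverse DNS lookup. The squid.conf lines, the helper path, the policy values and the resolver parameter are assumptions.

```python
"""Squid external ACL helper: allow/deny intercepted SSL by destination address.

Assumed squid.conf wiring (not from the thread):
  external_acl_type ssl_dst ttl=300 %DST /usr/local/bin/ssl_dst_check.py
  acl ssl_dst_ok external ssl_dst
  http_access deny !ssl_dst_ok
"""
import ipaddress
import socket
import sys

# Constructed policy: destinations refused by network and by reverse-DNS suffix.
DENY_NETS = [ipaddress.ip_network("198.51.100.0/24")]
DENY_SUFFIXES = (".example.net",)


def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Return the lower-cased PTR name for ip, or None if it does not resolve."""
    try:
        return resolver(ip)[0].lower()
    except (socket.herror, socket.gaierror, OSError):
        return None


def decide(dst, resolver=socket.gethostbyaddr):
    """Return "OK" to allow or "ERR" to deny one destination IP address.

    Reverse DNS is advisory only: the PTR record is set by whoever owns the
    address, so a verdict based on it is a hint about the site, not proof.
    """
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "ERR"  # not an IP literal: fail closed
    if any(addr in net for net in DENY_NETS):
        return "ERR"
    name = reverse_lookup(str(addr), resolver)
    if name and name.endswith(DENY_SUFFIXES):
        return "ERR"
    return "OK"


def main():
    for line in sys.stdin:
        parts = line.split()
        sys.stdout.write(decide(parts[0] if parts else "") + "\n")
        sys.stdout.flush()  # Squid blocks on each answer; never leave it buffered


if __name__ == "__main__":
    main()
```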