On Wed, Nov 07, 2007, Alex Rousskov wrote:
> > The browser wraps up the SSL requests in a normal HTTP request ("CONNECT");
> > transparently intercepted SSL requests look like SSL and not like HTTP.
> > Squid knows about the former but not currently about the latter.
>
> Adrian,
>
> AFAIK, Squid can handle HTTPS requests in an accelerated environment
> setup, using https_port settings. If I configure Cisco to redirect https
> traffic to Squid https_port using WCCP, will Squid know how to decrypt
> the request?
>
> If yes, then SslBump should work, in principle, for WCCP/HTTPS
> interception. Testing this is on my to-do list, but I wanted to know
> whether you foresee any problems with this scheme (other than browser
> warnings that SslBump causes). Do you?
Nope, it should work - all it needs to do is take the original request
destination/port and use that (possibly) when forwarding the request.
> Alex.
> P.S. In my tests, SslBump already works for intercepting CONNECT
> requests.
Nice. :)
Adrian
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
