On tor, 2008-05-29 at 21:23 +0800, Treker Chen wrote: > And if i set "always_direct allow all" in squid.conf, then i can > connect to https website without problem Sounds like ssl bump handles decrypted https requests as accelerated requests by default.. file a bug on that please. > but i don't think the SSL > Bump is work under this condition because i saw the certification of > the website is valid. though at the begging browser will show up the > warning of invalid ssl certificate. That's due to the sslbump man-in-the-middle attack on SSL. There is ways to hide that in controlled environments (like a corporate network with centrally administered clients) but sslbump do not yet implement the required fake certificate mangement. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
