Le Lundi 15 Mars 2010 05:30:11, Stefan Reible a écrit : > Hi, > > for my exam I want to set up a transparent proxy with http and https > under gentoo linux. > > The transparent http proxy with clamav ist working very nice, but now > i have problems with the implementation of ssl. My first idea was, to > break down the encryption at the squid, an then create a new one. > > http://wiki.squid-cache.org/Features/SslBump > > Is this possible? I think the problem is, that if someone opens an > https encrypted website like https://google.de he gets the certificate > from the proxy in his browser, not from the webserver. This wouldn`t > be so fine.. > > Do you have any solutions, informations or ideas for this problem? > > Thanks, Stefan > > PS: I have an secound problem with downloading big files, is it > possilbe to send any infos about the download progress to the > webbrowser? Like opening an ajax script or something else. There are 2 ways you may do that. 1. Use 3.1's sslbump capabilities. However you need a CA already installed in your clientes to avoid the non-confidence windows of browsers about ssl cert. But this won work in transparent mode. Just explicit. 2. Use de DynamicSSLCert branch code. https://code.launchpad.net/~rousskov/squid/DynamicSslCert Not available at 3.1, but at 3.2 (can Ammos or Henrik confirm this?). However you still need the CA and this could work in transparent mode. LD
