Leonardo Carneiro - Veltrac wrote:
Amos Jeffries wrote:
Some factums worth knowing:
* 3.0 does not support sslBump or any other form of HTTPS
man-in-middle attacks. 3.1 is required for that.
* sslBump in 3.1 requires that the client machines all have a CA
certificate installed to make them trust the proxy for decryption.
* sslBump requires clients to be configured for using the proxy.
(Some of the 'transparent' above work this way some do not.)
Amos
Hi Amos. What is the vantage of use sslBump if I cannot use a
transparent proxy with it? Is the ability to cache SSL content?
Tks in advance.
Somewhat. Mostly for corporate networks AV scanning or filtering HTTPS
connections.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18