> >> It is too late to alter the client certificate. By the time a server > >> connection is opened Squid may have already served replies out of > cache > >> to the client. > > > > I am a bit surprised. Can sslbump make some https content cacheable? > > Why surprised? ssl-bumps' purpose is to remove the SSL layer on > arriving > traffic. > > The data inside is just HTTP and gets handled same as any other. > Caching, filtering, alterations. Anything goes once the security layer > is erased. > This does make me worried. For a web developer writing an https only site, He wouldn't bother with cache control headers the same as when he is develop http site. The https itself implies private to sharing. I would expect sslbump perverse this privacy in dealing with https traffic. Ming