sön 2012-02-05 klockan 14:12 -0500 skrev PS: > Shouldn't I be able to decrypt the connection between the client and the squid server in order to see the traffic that is being sent to gmail? Yes, if you are using ssl-bump, and you have access to the temp certificate used by Squid. But a) ssldump do not handle AES encryption. There is patches to add AES, but these have not made it into an official release yet, if there ever will be an updated official release. b) or a number of other more modern things such as DH exchanges so you may need to restrict the list of supported ciphers a bit for decryption to be possible, You may have better luck trying the SSL decoder found in wireshark. But it's not as easy to work with. And remember that you can only decode client<->squid_with_known_fake_cert traffic not squid<->server Another option would be to use mitmproxy. It does the same SSL intercept as Squid ssl-bump but for very different purposes. Which tool suits you best depends on what it really is you want to accomplish. Regards Henrik
