If squid is configured to use ICAP and the ICAP server supports RESMOD, would the ICAP server be given the full response unencrypted?

On Mon, Feb 06, 2012 at 12:03:11AM +0100, Henrik Nordström wrote:
> Sun 2012-02-05 at 14:12 -0500, PS wrote:
>
> > Shouldn't I be able to decrypt the connection between the client and the squid server in order to see the traffic that is being sent to gmail?
>
> Yes, if you are using ssl-bump, and you have access to the temp
> certificate used by Squid.
>
> But
> a) ssldump does not handle AES encryption. There are patches to add AES,
> but these have not made it into an official release yet, if there ever
> will be an updated official release.
> b) or a number of other more modern things such as DH exchanges
>
> so you may need to restrict the list of supported ciphers a bit for
> decryption to be possible.
>
> You may have better luck trying the SSL decoder found in wireshark. But
> it's not as easy to work with.
>
> And remember that you can only decode
> client<->squid_with_known_fake_cert traffic, not squid<->server
>
> Another option would be to use mitmproxy. It does the same SSL intercept
> as Squid ssl-bump but for very different purposes. Which tool suits you
> best depends on what it really is you want to accomplish.
>
> Regards
> Henrik
>

--
James R. Leu
jleu@xxxxxxxxxxxxxx