Hey Matus,

I understand that issue. What I am saying is that I was able to ssl_bump into the connections (I offloaded content to an ICAP server and could see the deciphered text and logins) when I configured the proxy in my browser. In that case squid acted like an ssl-endpoint? And now, in the case of transparently doing it, it is unable to do it? Correct me if I am wrong.

regards,
-talha

On Wed, Apr 11, 2012 at 4:43 PM, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:
> On 11.04.12 16:01, Ahmed Talha Khan wrote:
>>
>> So what's the advantage of the ssl_bump feature left then if it cannot
>> act as an ssl endpoint. Does squid not support ssl end-point
>> termination?
>
>
> I don't think so. Note that redirecting a connection to your own machine and
> behaving as the server is called a "man-in-the-middle" attack, and it is a
> security breach. SSL was designed to make a secret, encrypted end-to-end
> connection between browser and a final server and it should remain so.
>
> --
> Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> 99 percent of lawyers give the rest a bad name.

--
Regards,
-Ahmed Talha Khan