Hey Amos,

I am not talking about the port 443 https. Let's talk about port 80 ssl/http. I have configured the ip-tables correctly to re-direct my traffic to squid. Now how will the ssl_bump feature behave when configured as transparent? For me it was not working and is the problem.

-talha

On Wed, Apr 11, 2012 at 6:11 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 11/04/2012 11:43 p.m., Matus UHLAR - fantomas wrote:
>>
>> On 11.04.12 16:01, Ahmed Talha Khan wrote:
>>>
>>> So what's the advantage of the ssl_bump feature left then if it cannot
>>> act as an ssl endpoint. Does squid not support ssl end-point
>>> termination?
>
>
> Yes. Squid supports ssl end-point termination ...
>
> That is what the 's' in https_port means. Before anything else happens a new
> connection gets SSL negotiated and decrypted using the certificate details
> configured.
>
> Now, take an HTTPS connection, decrypt it with an https_port end-point. What
> is left that you expect ssl-bump to do exactly?
>
>
>>
>> I don't think so. Note that redirecting connection to your own machine and
>> behave as the server is called "man-in-the-middle" attack, and it is a
>> security breach. SSL was designed to make secret, encrypted end-to-end
>> connection between browser and a final server and it should remain so.
>>
>
>
> Amos
>

--
Regards,
-Ahmed Talha Khan