On 29/07/2013 2:30 a.m., Eliezer Croitoru wrote:
> On 07/28/2013 03:37 PM, csn233 wrote:
>> To intercept HTTPS traffic, is SSL-bump a must? Even when I only want
>> to record the CONNECT traffic in access.log just like a normal forward
>> proxy without decrypting anything?
>> Is this any different with TPROXY?
>
> Indeed SSL-bump is a must.
> You will be able to record the CONNECT traffic when using:
> "sslbump deny all" like acl.
> I do not remember the exact way to do it but it is possible.
>
> Eliezer

Beyond the minor fact that there should be *no* CONNECT traffic on
intercepted port 80 or port 443 because CONNECT is a client-to-proxy
request method - which should only be seen on port 3128 or similar HTTP
proxy ports.
The current releases of Squid (3.3.8 and 3.4.0.1) should take
intercepted port-443 traffic and relay it untouched if there is no
decrypting done. They may convert it into a CONNECT if the traffic needs
relaying to a cache_peer, but otherwise it is just tunneled along to the
original destination server.
Amos