On 2014-02-25 22:17, kannan rbk wrote:
In our office, we are using squid to restrict users to connect only to particular web sites and URLs. If a user is connecting to a web page via https, the url_regex acl will not work. In an https request, we have control over the domain only. But we need to restrict on URL level. So, we used ssl bump to intercept the https requests. It's working fine, but we got some ssl warnings in the browser.

Google Chrome Warning: Cannot connect to the real ziopert.com

Is it possible to intercept an ssl connection in bump without any browser warnings?
Only if you have a CA certificate installed in that browser AND if the browser accepts your CA for that website. Chrome are taking a hard-line stance on TLS being secure, rather than the loophole mess ssl-bump takes advantage of.
You could try upgrading your proxy and using http://wiki.squid-cache.org/Features/BumpSslServerFirst. That might improve your situation a little, but there is not much hope as SSL was designed to its core to detect third-parties accessing the encryption.
Amos
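
As an added example (not part of the original message, and not the Squid project's own configuration), here is a squid.conf fragment in Squid 3.3 syntax that combines server-first bumping with the URL-level ACL the question asks for. The file paths, the ACL names and the example.com pattern are assumptions. Clients still see the warning unless the CA certificate named in `cert=` is installed as trusted in the browser and the browser accepts it for that site.

```conf
# Assumed paths: replace with the locations used on your proxy.
# The CA certificate below is the one that must be installed in each
# client browser; the private key must stay on the proxy only.
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxyCA.pem key=/etc/squid/ssl/proxyCA.key

# Helper that mints per-host certificates signed by the CA above.
# Helper path and database directory are assumptions.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 5

# Contact the origin server first, then bump the client connection,
# so the generated certificate mimics the real server certificate.
ssl_bump server-first all

# CONNECT must be allowed so the tunnel can be bumped at all.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow CONNECT

# After bumping, each decrypted request is checked again, and the
# full https:// URL is now visible to url_regex.
# Constructed pattern for illustration only.
acl allowed_urls url_regex -i ^https://www\.example\.com/allowed/
http_access allow allowed_urls
http_access deny all
```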