On 05/07/2014 03:27 PM, Marcus Kool wrote:

> The design of Squid ssl-bump assumes that a CONNECT to a server always
> has an SSL-based communication channel
> and therefore any software that uses non-SSL traffic on port 443 fails
> to work with ssl-bump.

You are right about that assumption, but it is not really a part of the SslBump design as such. There is just not enough code to handle this case better.

FWIW, two active Squid projects, non-HTTP bypass and Peek-and-Splice, are laying the ground work to give an admin the ability to tunnel "unwanted" traffic (for various definitions of "unwanted"), but even after those two projects are completed, more work will be needed to be able to tunnel non-SSL traffic more-or-less comfortably in the presence of SslBump.

Hopefully, there will be enough interest to get it done.

Cheers,

Alex.