Search squid archive

RE: transparent https interception without mitm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> Is it possible for squid to intercept and apply acl's to https without actually
> decrypting and generating certificates etc? The conversation would go
> something like:
> 

It actually almost works if I put a dummy cert on the https_port config line with ssl-bump, but then use none for ssl_bump. In order to parse the dstdomain, I assume squid must be getting the cert cn first, right? Unfortunately it seems to throw the details it gathered away after checking what bump to use as all I get in there is the destination IP. Logging %ssl::>cert_subject just shows "-".

James





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux