
HTTPS Filtering by Certificate Subject Name


It looks like this question has come up before, but I'm hoping to get some further details on it.

I've used a couple of firewalls (Watchguard & Fortigate) that allow me to do a level of HTTPS site filtering without decryption. I believe that it works by requesting and examining the certificate sent from the remote server. If the subject name or subject alternate names on the certificate match a whitelist of domains that we have specified then access to the site is allowed. As far as I know, it does not require decrypting the SSL connection and I'm positive that it doesn't return self-generated certificates.

It would not be very effective for someone trying to use Squid for blocking end users' access to every site on the Internet. But, it works great for our use case where we want to allow our servers to only access a handful of sites.

From everything I've read, it looks like the only option is for Squid to decrypt the connection. Is there a particular reason why this feature could not be implemented in Squid if it's available in these other devices? Or if it is available, could I get some direction?

Thank you in advance for any help.


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
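
The certificate check described in the message above, sketched as an added example (not part of the original post, and not Squid, Watchguard or Fortigate code). It assumes a certificate dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the function names, the sample certificates and the `require_all` policy switch are hypothetical, and the switch shows why a shared multi-name certificate needs a stricter rule than "any name matches".

```python
# Added example: allowlist decision on the names a server certificate presents.
# Sample certificates below are constructed, in the ssl.getpeercert() dict shape.

def cert_names(cert):
    """Return the lower-cased DNS names in a certificate: SANs plus subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return sorted({n.lower().rstrip(".") for n in names})

def name_allowed(name, allowlist):
    """True if name equals an allowlisted domain or is a subdomain of one.
    A wildcard such as *.example.org is judged by its base domain, so it
    is rejected when it covers more hosts than the allowlist entry does."""
    base = name[2:] if name.startswith("*.") else name
    return any(base == d or base.endswith("." + d) for d in allowlist)

def decide(cert, allowlist, require_all=True):
    """Return ("allow" or "deny", names outside the allowlist)."""
    allowlist = {d.lower().rstrip(".") for d in allowlist}
    names = cert_names(cert)
    outside = [n for n in names if not name_allowed(n, allowlist)]
    if not names:
        return "deny", outside          # no usable name: fail closed
    if require_all:
        ok = not outside                # every presented name must be allowed
    else:
        ok = len(outside) < len(names)  # at least one presented name is allowed
    return ("allow" if ok else "deny"), outside

ALLOWLIST = {"updates.example.org"}     # constructed allowlist

SINGLE_SITE_CERT = {                    # constructed: one host, one name
    "subject": ((("commonName", "updates.example.org"),),),
    "subjectAltName": (("DNS", "updates.example.org"),),
}
SHARED_CERT = {                         # constructed: shared multi-tenant certificate
    "subject": ((("commonName", "cdn.example.net"),),),
    "subjectAltName": (("DNS", "updates.example.org"),
                       ("DNS", "other.example.com")),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.org"),)}  # constructed

if __name__ == "__main__":
    for label, cert in [("single", SINGLE_SITE_CERT), ("shared", SHARED_CERT),
                        ("wildcard", WILDCARD_CERT)]:
        print(label, decide(cert, ALLOWLIST), decide(cert, ALLOWLIST, require_all=False))
```

With `require_all=False` the shared certificate is allowed even though it also vouches for names outside the allowlist, so the certificate alone does not prove which site the connection reaches.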
