Search squid archive

Re: Squid 3 SSL bump: Google drive application could not connect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
To return to Earth:

I think, a good idea is built-in (ma be, in ssl_crtd?) functionality to check 443 port connection for "Is an HTTPS inside?" and if no, do not bump by default.

This is so simple and fast, is it? And we can have some config option to disable this function.......Or not.....

;)

05.01.2015 2:17, Douglas Davenport пишет:
> I saw a very similar feature in ufdbGuard which is a URL filter implemented as a Squid Redirector. They have a feature which probes the destination server for a valid HTTPS cert in parallel to the user's connection and terminates it if it turns out not to be a valid HTTPS cert. Their code is open source, maybe this could be helpful in creating such a helper?
>
> http://www.urlfilterdb.com/home.html
>
> On Sat, Jan 3, 2015 at 3:45 AM, Yuri Voinov <yvoinov@xxxxxxxxx <mailto:yvoinov@xxxxxxxxx>> wrote:
>
>
> Term "HTTPS" often uses as "Any connect over 443 port"....
>
> 03.01.2015 13:59, Jason Haar пишет:
> > On 01/01/15 00:11, James Harper wrote:
> >> The helper connects to the IP:port and tries to obtain the
> certificate, and then caches the result (in an sqlite database). If it
> can't do so within a fairly short time it returns failure (but keeps
> trying a bit longer and caches it for next time). Alternatively if the
> IP used to be SSL but is now timing out it returns the previously cached
> value. Negative results are cached for an increasing amount of time each
> time it fails, on the basis that it probably isn't SSL.
> > That sounds great James! I'd certainly like to take a look at it too
>
> > However, you say "SSL"  - did you mean "HTTPS"? ie discovering a ip:port
> > is a IMAPS server doesn't really help squid talk to it - surely you want
> > to discover HTTPS servers - and everything else should be
> > pass-through/splice?
>
>
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
>     http://lists.squid-cache.org/listinfo/squid-users
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUqaH3AAoJENNXIZxhPexG+VAH/3+fQfAUA1IdCXTdvZXjR2Ih
2AAa2d/mPOQtk1RNTk7PUxp1tIuUVt054euuwnhxItGSIb6OB7U2fTHK1k3BF+ta
BG6fyghpKYFBHJkloYX6m45g7K3vgpKEjVPDQZuaUz1CBZ67ie/ThngxmgNwFqaO
HbDvcX6FnvYeplRDrsx8DATD7fqujw5wy6ZI+23bXAOf4j7PO6zwIeoh4hSkMhr/
7ZRBYv2T6iYh+sL3XiYgVh9fWcGy2O2ovJLW/2AA4YXnlEAGLgbgVZCiF6jIdomn
iSiel6enLOCDneLsMcW1h+n7HNTTpv6N2D5ATMEcf8kz3ACmH99mBhk2bh9jQ94=
=Iw5c
-----END PGP SIGNATURE-----

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux