-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 06.07.15 18:06, Amos Jeffries пишет: > On 6/07/2015 9:30 p.m., adam900710 wrote: >> >> Here is some of my experiments: >> 1) Remove "never_direct" >> Then ssl_bump works as expected, but all traffic doesn't goes through >> the SOCKS5 proxy. So a lot of sites I can't access. >> >> 2) Use local 8118 proxy >> That works fine without any problem, but SSL_dump is needed... >> So just prove privoxy are working. >> >> Any clue? > >> Also, If I disable "ssl_bump" at http_port line, squid works without >> any problem just as a forwarder. >> But that makes no sense anyway. > > Makes perfect sense. Would you like anybody to be able to decrypt your > HTTPS traffic and send it as plain-text wherever they want? Anybody already have the ability to decrypt our HTTPS traffic. This named "government". > > > Squid does not permit that. All inbound encrypted traffic must one way > or another leave upstream only by encrypted channels. Websense does. Another commercial products and solutions does. So? > > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVmoCsAAoJENNXIZxhPexGXo8H/2vYEU7Xt+T85477hZYN5nr8 TMdRMfQIudoJcZWDyqqcf6JRw6SRwcgZDaRHUnH3CrUejcf9AMYH1MxX+Knwrsd+ IwXs0LEO45hTfKo005NV/1BVcXu1s7OPEvgRa85WUCfexBALqVT+JAA+ZG6BO3XW QNSSgsdxCgPl9ITFetBkTOQTZJaXTkGy+JSPhaTl+eOp+DFKWzcTLOhKybOP4VlF qW/srBT1VDdBSy1/BIGGUGzFMboRW0hV7izfhbq3A38pxaEKrA9IraamOPwVl/8k 0tDZ5bfFlvzknO4xqu73hHjIu1aByGSfSwablImeV9eCDJ1dzAJTbFR1YXq0/XM= =+H6m -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
