Just talked to the debian guys. They won't upgrade squid to 3.5 in debian jessi. It's also hard for me, to implement unstable components in a productive system.
But the debian guys told me, that they will build own patches for 3.4.8 to fix critical problems if you report them properly to
https://packages.qa.debian.org/s/squid3.html or
security@xxxxxxxxxx
I hope/think you already do. So I think 3.4.8 should work for me as well.
> Hello
>
> I`m sorry. I'm not a native speaker so I maybe don't find the right words.
>
> I'd like to setup a proxy that can scan the incoming traffic for virus
> (squidclamav). To do that for a https/ssl connection I need the squid
> ssl-bump feature or is there an other solution?
>
> Now I want to setup the ssl-bump feature as safe as using no ssl-bump.
> Is this possible with squid 3.4? (Of course every one who has my CA
> cert can decrypt the traffic, but I keep it safe.)
> Squid is communicating with the remote server(webserver). I'd like to
> have at least this communication as safe as using a normal browser.
>
> Does squid 3.4 do all the necessary steps like checking the
> certificate validity? What about advanced features like cert pinning?
I don't think 3.4 is enough. May be 3.5 or higher.
>
> How do I configure ssl virus scanning? Are this steps enough:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
>
> Thank you again :)
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
