On 24/02/2016 11:19 a.m., Darren wrote: > > Hi > > As Google owns the entire food chain (when you use Chrome talking to Youtube) SSL_Bump upsets everything and the browser blocks access detecting the MITM bump. > > I am looking at school level protection so I want to avoid installing certs on the clients and create a seamless experience. > > I am playing with the restrict.youtube.com feature at the moment, at least this should limit the IP addresses I see in the CONNECT sessions. > FWIW: the SSL-Bump splice functionality (without 'bump') does not require certificate installation on the clients, but still gives the control benefits of intercepting port 443 and SNI server name ACLs. It also works seamlessly with the current fad of certificate pinning in browsers. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
