On Monday 13 June 2016 at 10:51:35, Eng Hooda wrote: > Thank You for your response. > Using the certificate is something I want to avoid. > So I think it's acceptable as it is now. > > I searched again and found an explanation , copied below FYI. > > "To serve an HTTP error to an SSL client, Squid has to establish an SSL > connection with that client." Yes, but the point is that the client originally requested an SSL connection to a particular server, and if it gets a reply (even though it is an SSL reply) back from something with a certificate which doesn't match that server, the client will complain, showing a security alert to the user. Antony. -- "this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization." - https://aws.amazon.com/service-terms/ paragraph 57.10 Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
