"SSL bump" is the name of a complex Squid feature. With ssl_bump ACLs one can decide which domains can be 'spliced' (go through the proxy untouched) or can be 'bumped' (decrypted). Interception is not a requirement for SSL bump. Marcus On 13/03/18 11:44, Danilo V wrote:
I mean SSL bump in explicit mode. So intercept is a essencial requirement for running SSL bump? Em ter, 13 de mar de 2018 às 11:10, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx <mailto:uhlar@xxxxxxxxxxx>> escreveu: On 13.03.18 13:44, Danilo V wrote: >Is it possible/feasible to configure squid in explicit mode with ssl >intercept? explicit is not intercept, intercept is not explicit. explicit is where browser is configured (manually or automatically via WPAD) to use the proxy. intercept is where network device forcifully redirects http/https connections to the proxy. maybe you mean SSL bump in explicit mode? >Due to architecture of my network it is not possible to implement >transparent proxy. excuse me? by "transparent" people mean what we usually call "intercept". >What would be the behavior of applications that dont support proxy - i.e. >dont forward requests to proxy? they mest be intercepted. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx <mailto:uhlar@xxxxxxxxxxx> ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0... _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
