Search squid archive

Re: SSL intercept in explicit mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Moreover,

SSL Bump combines with interception/explicit proxy in one setup.

And works perfectly.


13.03.2018 21:14, Marcus Kool пишет:
> "SSL bump" is the name of a complex Squid feature.
> With ssl_bump ACLs one can decide which domains can be 'spliced' (go
> through the proxy untouched) or can be 'bumped' (decrypted).
>
> Interception is not a requirement for SSL bump.
>
> Marcus
>
> On 13/03/18 11:44, Danilo V wrote:
>> I mean SSL bump in explicit mode.
>> So intercept is a essencial requirement for running SSL bump?
>>
>> Em ter, 13 de mar de 2018 às 11:10, Matus UHLAR - fantomas
>> <uhlar@xxxxxxxxxxx <mailto:uhlar@xxxxxxxxxxx>> escreveu:
>>
>>     On 13.03.18 13:44, Danilo V wrote:
>>      >Is it possible/feasible to configure squid in explicit mode
>> with ssl
>>      >intercept?
>>
>>     explicit is not intercept, intercept is not explicit.
>>
>>     explicit is where browser is configured (manually or
>> automatically via WPAD)
>>     to use the proxy.
>>
>>     intercept is where network device forcifully redirects http/https
>> connections
>>     to the proxy.
>>
>>     maybe you mean SSL bump in explicit mode?
>>
>>      >Due to architecture of my network it is not possible to implement
>>      >transparent proxy.
>>
>>     excuse me?
>>     by "transparent" people mean what we usually call "intercept".
>>
>>      >What would be the behavior of applications that dont support
>> proxy - i.e.
>>      >dont forward requests to proxy?
>>
>>     they mest be intercepted.
>>
>>     --
>>     Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx
>> <mailto:uhlar@xxxxxxxxxxx> ; http://www.fantomas.sk/
>>     Warning: I wish NOT to receive e-mail advertising to this address.
>>     Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>     Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users@xxxxxxxxxxxxxxxxxxxxx
>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
>>     http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux