Search squid archive

Re: SSL intercept in explicit mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What version are you using Yuri?  Can you share your config?
Everytime I use ssl bump, I have massive memory leaks.  It's been
effectively unusable for me.
--
Aaron Turner
https://synfin.net/         Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality.  "Something cannot emerge from nothing,"
he said.  This is profound thinking if you understand how unstable
"the truth" can be.  -- Frank Herbert, Dune


On Tue, Mar 13, 2018 at 9:10 AM, Yuri <yvoinov@xxxxxxxxx> wrote:
> Moreover,
>
> SSL Bump combines with interception/explicit proxy in one setup.
>
> And works perfectly.
>
>
> 13.03.2018 21:14, Marcus Kool пишет:
>> "SSL bump" is the name of a complex Squid feature.
>> With ssl_bump ACLs one can decide which domains can be 'spliced' (go
>> through the proxy untouched) or can be 'bumped' (decrypted).
>>
>> Interception is not a requirement for SSL bump.
>>
>> Marcus
>>
>> On 13/03/18 11:44, Danilo V wrote:
>>> I mean SSL bump in explicit mode.
>>> So intercept is a essencial requirement for running SSL bump?
>>>
>>> Em ter, 13 de mar de 2018 às 11:10, Matus UHLAR - fantomas
>>> <uhlar@xxxxxxxxxxx <mailto:uhlar@xxxxxxxxxxx>> escreveu:
>>>
>>>     On 13.03.18 13:44, Danilo V wrote:
>>>      >Is it possible/feasible to configure squid in explicit mode
>>> with ssl
>>>      >intercept?
>>>
>>>     explicit is not intercept, intercept is not explicit.
>>>
>>>     explicit is where browser is configured (manually or
>>> automatically via WPAD)
>>>     to use the proxy.
>>>
>>>     intercept is where network device forcifully redirects http/https
>>> connections
>>>     to the proxy.
>>>
>>>     maybe you mean SSL bump in explicit mode?
>>>
>>>      >Due to architecture of my network it is not possible to implement
>>>      >transparent proxy.
>>>
>>>     excuse me?
>>>     by "transparent" people mean what we usually call "intercept".
>>>
>>>      >What would be the behavior of applications that dont support
>>> proxy - i.e.
>>>      >dont forward requests to proxy?
>>>
>>>     they mest be intercepted.
>>>
>>>     --
>>>     Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx
>>> <mailto:uhlar@xxxxxxxxxxx> ; http://www.fantomas.sk/
>>>     Warning: I wish NOT to receive e-mail advertising to this address.
>>>     Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>>     Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
>>>     _______________________________________________
>>>     squid-users mailing list
>>>     squid-users@xxxxxxxxxxxxxxxxxxxxx
>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
>>>     http://lists.squid-cache.org/listinfo/squid-users
>>>
>>>
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
>
> --
> "C++ seems like a language suitable for firing other people's legs."
>
> *****************************
> * C++20 : Bug to the future *
> *****************************
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux