Re: SSL intercept in explicit mode


Amos Jeffries wrote
> FYI this is "server-first all". peek and splice before "bump all" is
> similar but also different in ways that allow it to handle more problems
> in better ways.

I never really got to understand how to implement the peek and splice verbs. I
was glad I could get away with server-first!

Any chance someone, or yourself, would rewrite a more detailed example of
how to use them?


Amos Jeffries wrote
> You do need the browser to trust your CA certificate. This is an
> absolute requirement of using SSL-Bump features. Always has been.

To my surprise back then, it was already trusted, but the browser still had the
ability to detect interception and warn the user about "something bad that is
going on"!

That is why I resorted to browser-aware, user-aware, and consented explicit
bumping. Others might envy me because in my network I managed to convince
management to apply a firewall rule to drop all traffic that does not come
from the squid box :) :) which makes my setup unbreakable (and unaffordable to
fail).




--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
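
The "peek and splice before bump all" form quoted above, next to the server-first rule it replaces. This is an added example, not configuration posted in the thread. It assumes Squid 3.5 or later with the existing `http_port ... ssl-bump` listener and signing CA left unchanged; the ACL names and the `/etc/squid/no_bump_domains.txt` path are hypothetical.

```conf
# Added example, not from the thread. The http_port ... ssl-bump listener
# and the signing CA of the existing setup are assumed to stay as they are.

# Legacy rule discussed above:
#ssl_bump server-first all

# Peek-and-splice form (Squid 3.5+).

# SslBump1 is the first decision point: the CONNECT request has arrived
# (explicit mode) but no TLS bytes have been parsed yet.
acl step1 at_step SslBump1

# Hypothetical exclusion list, one domain per line (for example .example.com),
# for sites that must not be decrypted, such as clients that pin certificates.
acl no_bump ssl::server_name "/etc/squid/no_bump_domains.txt"

# Step 1: read the TLS ClientHello so the SNI is known to later rules.
ssl_bump peek step1

# Step 2: pass excluded domains through as an untouched TCP tunnel.
ssl_bump splice no_bump

# Step 2: for everything else, connect to the server first and present the
# client a mimicked certificate signed by the local CA.
ssl_bump bump all
```

With the `splice` line removed, `peek step1` followed by `bump all` is the closest replacement for `server-first all`.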



