Thanks for the reply,
Speaking strictly about TPROXY, are there any limitations compared to regular transparent intercept?
We have full control of the network and TCP routing.
We have done regular https intercept in the past and is working fine, but now we would like to try TPROXY in bridging mode instead of routing mode.
Thanks,
On Sat, Feb 15, 2020 at 3:17 AM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 15/02/20 10:28 am, Felipe Polanco wrote:
> Hi,
>
> Can squid running in TPROXY mode intercept and decrypt HTTPS payload
> with sslBump?
>
Maybe. It can do so about as well as NAT intercept mode can.
Wherther TPROXY works depends on what level of access you have to
control the TCP packet routing.
Whether SSL-Bump can decrypt depends on what TLS features are being used
by the HTTPS traffic - and whether it is HTTPS at all.
These things are only loosely related.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
