
Re: Sending CONNECT method requests over HTTPS


 



On 20.05.20 05:07, Ronan Lucio wrote:
> I read a similar thread a couple of weeks ago, but my scenario has
> some differences.
> Anyway, my need is sending CONNECT method requests over HTTPS as well.

already possible.

> I've read the docs and would just like to confirm with you if I got it right:
>
> 1)
> To send CONNECT method requests over HTTPS I'm supposed to use https_port.

no. It's very common to use an HTTP proxy over HTTP, and the CONNECT request
creates communication between client and server.

> May I use it in the same way as http_port (without intercept, proxy,
> or accelerate)?

yes.

> 2)
> If I need to apply ACL rules to restrict some destinations, I'm
> supposed to use bump_ssl.

without bumping, you can only see the destination host:port and possibly
the hostname sent in the SNI request and the contents of the SSL certificate.

for anything else (like the https path) you must bump the connection:
decrypt the SSL tunnel, behave as the server to the client (providing it
with a certificate the client trusts) and behave as a client to the server
(which makes e.g. SSL authentication impossible).

Note that doing this can compromise clients' security and can cause legal
issues.

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



