On 9/14/21 7:12 PM, Grant Taylor wrote:
I have concerns about "SSL terminating". It sounds to me like you are decidedly outside of the typical enterprise or home network scenario where you are wanting to terminate / intercept / bump-in-the-wire TLS connections. As such, I have *SERIOUS* /concerns/ about the security implications of this. -- But, I'm going to assume that you are well aware of the implications and are addressing them properly. But I'd be remiss to not say something. Moving on.
I meant to add, I'm not convinced that you /need/ to do TLS termination. Or said another way, I'm not convinced that simply proxying CONNECT requests isn't sufficient.
Do you actually /need/ to terminate the TLS? Or is simply proxying the CONNECT request sufficient? Can you stay out of the TLS stream, thereby avoiding any and all security concerns associated with TLS termination?
Proxies have been passing TLS traffic for decades without TLS termination.

--
Grant. . . .
unix || die
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
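Added example, not part of the original message and not Squid's code: a Python sketch of what "simply proxying the CONNECT request" means in practice. The proxy reads only the `host:port` target, then relays bytes it never parses or decrypts. The function names, the `ALLOWED_PORTS` policy, the socketpairs standing in for client and origin, and the sample bytes are all assumptions constructed for illustration.

```python
import socket
import threading

ALLOWED_PORTS = {443}  # assumed policy: only tunnels to the HTTPS port

def parse_connect(head: bytes):
    """Return (host, port) from a CONNECT request head, or raise ValueError."""
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, version = request_line.split(" ")
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    if not host or not port.isdigit() or int(port) not in ALLOWED_PORTS:
        raise ValueError("CONNECT target not allowed")
    return host.strip("[]"), int(port)

def pipe(src, dst):
    """Copy bytes one way until EOF; the payload is never inspected."""
    while chunk := src.recv(65536):
        dst.sendall(chunk)
    dst.shutdown(socket.SHUT_WR)

def tunnel(client, upstream):
    """Answer the CONNECT, then relay both directions as opaque bytes."""
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    back = threading.Thread(target=pipe, args=(upstream, client), daemon=True)
    back.start()
    pipe(client, upstream)
    back.join()

def demo():
    """Constructed offline run: socketpairs stand in for client and origin."""
    client, proxy_c = socket.socketpair()
    proxy_u, origin = socket.socketpair()
    head = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
    client.sendall(head)
    target = parse_connect(proxy_c.recv(4096))  # all the proxy learns
    worker = threading.Thread(target=tunnel, args=(proxy_c, proxy_u))
    worker.start()
    reply = client.recv(4096)
    record = bytes.fromhex("1603010005") + b"hello"  # constructed TLS-like record
    client.sendall(record)
    client.shutdown(socket.SHUT_WR)
    seen = origin.recv(4096)  # arrives byte-for-byte, untouched by the proxy
    origin.shutdown(socket.SHUT_WR)
    worker.join()
    return target, reply, seen

if __name__ == "__main__":
    print(demo())
```

The proxy can still enforce policy on the CONNECT target (destination host and port) without holding any key material or re-signing certificates.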