Search squid archive

Re: Adding an extra header to TLS connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2024-05-22 03:49, Robin Wood wrote:

I'm trying to work out how to add an extra header to a TLS connection.

I assume that you want to add a header field to an HTTP request or response that is being transmitted inside a TLS connection between a TLS client (e.g., a user browser) and an HTTPS origin server.

Do you control the client that originates that TLS connection (or its OS/environment) or the origin server? If you do not, then what you want is impossible -- TLS encryption exists, in part, to prevent such traffic modifications.

If you control the client that originates that TLS connection (or its OS/environment), then you may be able to, in _some_ cases, add that header by configuring the client (or its OS/environment) to trust you as a Certificate Authority, minting your own X509 certificates, and configuring Squid to perform a "man in the middle" attack on client-server traffic, using your minted certificates. You can search for Squid SslBump to get more information about this feature, but the area is full of insurmountable difficulties and misleading advice. Avoid it if at all possible!


HTH,

Alex.


I've found information on how to do it on what I think is the pre-3.5 release, but I can't find any useful information on doing it on the current version.

Could someone give me an example or point me at some documentation on how to do it.

Thanks

Robin

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux