
Re: Adding an extra header to TLS connection


 



On 2024-05-23 13:06, Robin Wood wrote:
> I've tried searching for Squid and sslbump and not found anything useful that works with the current version; that is why I'm asking here. I was hoping someone could point me at an example that would definitely work with the current version of Squid.

FWIW, most of the basics are covered at
https://wiki.squid-cache.org/Features/SslPeekAndSplice

That page was written for a feature introduced in v3.5, but it is not specific to that Squid version.


HTH,

Alex.


> On May 23, 2024, at 08:49, Alex Rousskov wrote:
>
> On 2024-05-22 03:49, Robin Wood wrote:
>
>> I'm trying to work out how to add an extra header to a TLS connection.
>
> I assume that you want to add a header field to an HTTP request or response that is being transmitted inside a TLS connection between a TLS client (e.g., a user browser) and an HTTPS origin server.
>
> Do you control the client that originates that TLS connection (or its OS/environment) or the origin server? If you do not, then what you want is impossible -- TLS encryption exists, in part, to prevent such traffic modifications.
>
> If you control the client that originates that TLS connection (or its OS/environment), then you may be able to, in _some_ cases, add that header by configuring the client (or its OS/environment) to trust you as a Certificate Authority, minting your own X509 certificates, and configuring Squid to perform a "man in the middle" attack on client-server traffic, using your minted certificates. You can search for Squid SslBump to get more information about this feature, but the area is full of insurmountable difficulties and misleading advice. Avoid it if at all possible!
>
>
> HTH,
>
> Alex.
>
>
>> I've found information on how to do it on what I think is the pre-3.5 release, but I can't find any useful information on doing it on the current version.
>> Could someone give me an example or point me at some documentation on how to do it.
>> Thanks
>> Robin
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



