On 2024-05-23 13:06, Robin Wood wrote:
> I've tried searching for Squid and sslbump and not found anything useful
> that works with the current version, that is why I'm asking here, I was
> hoping someone could point me at an example that would definitely work
> with the current version of Squid.

FWIW, most of the basics are covered at
https://wiki.squid-cache.org/Features/SslPeekAndSplice
That page was written for a feature introduced in v3.5, but it is not
specific to that Squid version.
HTH,
Alex.
> On May 23, 2024, at 08:49, Alex Rousskov wrote:
>
> On 2024-05-22 03:49, Robin Wood wrote:
>
>> I'm trying to work out how to add an extra header to a TLS connection.
>
> I assume that you want to add a header field to an HTTP request
> or response that is being transmitted inside a TLS connection
> between a TLS client (e.g., a user browser) and an HTTPS origin server.
>
> Do you control the client that originates that TLS connection (or
> its OS/environment) or the origin server? If you do not, then what
> you want is impossible -- TLS encryption exists, in part, to prevent
> such traffic modifications.
>
> If you control the client that originates that TLS connection (or
> its OS/environment), then you may be able to, in _some_ cases, add
> that header by configuring the client (or its OS/environment) to
> trust you as a Certificate Authority, minting your own X509
> certificates, and configuring Squid to perform a "man in the middle"
> attack on client-server traffic, using your minted certificates. You
> can search for Squid SslBump to get more information about this
> feature, but the area is full of insurmountable difficulties and
> misleading advice. Avoid it if at all possible!
>
>
> HTH,
>
> Alex.
>
>
>> I've found information on how to do it on what I think is the
>> pre-3.5 release, but I can't find any useful information on doing it
>> on the current version.
>> Could someone give me an example or point me at some
>> documentation on how to do it.
>> Thanks
>> Robin
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.squid-cache.org/listinfo/squid-users
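
A configuration sketch for the approach discussed in this thread, added here as an example and not taken from the thread or from the Squid project: it bumps only one named site on clients that already trust a locally minted CA, splices everything else, and adds a request header to the decrypted traffic. It assumes Squid 4 or later built with OpenSSL support; the file paths, port, domain, and header name and value are all assumptions.

```conf
# squid.conf fragment (added example, not from the thread).
# All paths, the port, the domain and the header are assumptions.

# Port that accepts proxy CONNECT requests and is allowed to bump them.
# tls-cert= is a PEM file holding the locally minted CA certificate and
# its private key; clients must already trust this CA.
http_port 3128 ssl-bump tls-cert=/etc/squid/bump-ca.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that mints per-host certificates signed by that CA.
# The helper path varies by distribution. Initialise its database once:
#   security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Step 1: peek at the TLS ClientHello to learn the requested server name.
acl step1 at_step SslBump1
ssl_bump peek step1

# Bump (decrypt) only the site that needs the header; tunnel everything
# else untouched so unrelated traffic is never decrypted.
acl bump_sites ssl::server_name .example.com
ssl_bump bump bump_sites
ssl_bump splice all

# Add the header to decrypted HTTP requests for that site only.
acl tagged_site dstdomain .example.com
request_header_add X-Example-Tag "added-by-proxy" tagged_site
```

Clients that pin certificates or do not trust the minted CA will fail to connect to the bumped site, so the CA private key file needs the same protection as any other signing key.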