[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] Does anyone know how to make SSL bump work?
From:       Henrik Nordstrom <henrik () henriknordstrom ! net>
Date:       2008-05-29 23:35:21
Message-ID: 1212104121.5160.14.camel () henriknordstrom ! net
[Download RAW message or body]


On tor, 2008-05-29 at 21:23 +0800, Treker Chen wrote:

> And if i set "always_direct allow all" in squid.conf, then i can
> connect to https website without problem

Sounds like ssl bump handles decrypted https requests as accelerated
requests by default.. file a bug on that please.

> but i don't think the SSL
> Bump is work under this condition because i saw the certification of
> the website is valid. though at the begging browser will show up the
> warning of invalid ssl certificate.

That's due to the sslbump man-in-the-middle attack on SSL. There is ways
to hide that in controlled environments (like a corporate network with
centrally administered clients) but sslbump do not yet implement the
required fake certificate mangement.

Regards
Henrik

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]