[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] internet squid with https and just for domain resolution not for caching or so
From:       Alex Rousskov <rousskov () measurement-factory ! com>
Date:       2018-08-31 16:57:44
Message-ID: c439eab7-acbc-d6c4-d484-86fd63e2f4f6 () measurement-factory ! com
[Download RAW message or body]

On 08/31/2018 09:44 AM, --Ahmad-- wrote:

> if i wan to enable squid into intercpt/transparent or transparent
> TCP_connect 
> 
> i dont want to decrypt the message 
> 
> all what i need say client requested google.com

Extracting intended domain name information is usually possible today by
examining TLS SNI values.

However, the few folks controlling most of the world HTTPS traffic are
working on making domain name information unavailable to (or at least
essentially unusable by) proxies. Thus, I would not expect SNI-based
logic to work long-term.

Alex.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[prev in list] [next in list] [prev in thread] [next in thread]