Re: Using squid as transparent proxy causes problem with pages on https
On 11/04/2012 11:43 p.m., Matus UHLAR - fantomas wrote:
On 11.04.12 16:01, Ahmed Talha Khan wrote:
So what's the advantage of the ssl_bump feature left then if it cannot act as an ssl endpoint? Does squid not support ssl end-point termination?
Yes. Squid supports ssl end-point termination ... That is what the 's' in https_port means. Before anything else happens a new connection gets SSL negotiated and decrypted using the certificate details configured.
Now, take an HTTPS connection, decrypt it with an https_port end-point. What is left that you expect ssl-bump to do exactly?
I don't think so. Note that redirecting a connection to your own machine and behaving as the server is called a "man-in-the-middle" attack, and it is a security breach. SSL was designed to make a secret, encrypted end-to-end connection between browser and a final server and it should remain so.
Amos
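
The end-point termination described in the reply above, sketched as a squid.conf fragment. This is an added example, not part of the original message; the hostname, address and file paths are placeholders, and it assumes a Squid build with SSL support.

```conf
# Added example; www.example.com, 192.0.2.10 and the file paths are placeholders.

# Squid is the SSL end-point: the client negotiates SSL with Squid itself,
# using the certificate and key configured on this port (the 's' in https_port).
https_port 443 accel cert=/etc/squid/ssl/www.example.com.crt key=/etc/squid/ssl/www.example.com.key defaultsite=www.example.com

# After decryption the request is ordinary HTTP inside Squid and is passed
# on to the origin server that this Squid fronts.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin

# Only serve the site this certificate was issued for.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all
cache_peer_access origin allow our_site
cache_peer_access origin deny all
```

Clients accept this connection without warnings only because the certificate on the port is issued for the site name Squid is answering for.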