Search squid archive

Re: Using squid as transparent proxy causes problem with pages on https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




On 12/04/2012 10:08 p.m., Ahmed Talha Khan wrote:
Also
Will "tranparent" work on https_port? The bowser makes a connection of
443 which i redirect to squid. So will it let the webpages open? They
are not opening for me

On Squid 3.0 and 2.x yes (3.1+ use "intercept" now) . All it does is tell Squid to lookup the local kernel NAT tables for client IP information instead of trusting the TCP packet, and that the request should have some other special origin server specific processing applied.

The problem with https_port intercept has always been, and remains in the current Squid, that the SSL certificate sent to the client does not match the domain the client is contacting. They get a TLS security alert message on every new connection attempt. The dynamic cert generation feature in 3.2 helps, but intercepted HTTPS still mostly lacks the domain name details the generator needs to produce a valid cert (requires SSL SNI feature, which is *legally* risky for most of us dev to implement no techincal problem).

Amos



[Linux Audio Users]     [Photo]     [Yosemite News]     [Samba]     [Video Projectors]     [Video Devices]     [Big List of Linux Books]     [LCD TVs]     [Webcams]     [Linux USB]

  Powered by Linux