RE: Squid HEAD : intercept SSLBump server first + out of Squid box NAT redirection

From: Vincent Miszczak <vmiszczak_at_ankama.com>
Date: Thu, 15 Nov 2012 09:53:07 +0100

Hi,

Thank you for your answer.

I understand I cannot redirect SSL web traffic to intercepting Squid using NAT from another box, as Squid won't be able to figure out the destination address, right?

Vincent
-----Original Message-----
From: Alex Rousskov [mailto:rousskov_at_measurement-factory.com]
Sent: Wednesday, November 14, 2012 19:34
To: Vincent Miszczak
Cc: squid-dev_at_squid-cache.org
Subject: Re: Squid HEAD : intercept SSLBump server first + out of Squid box NAT redirection

On 11/14/2012 11:17 AM, Vincent Miszczak wrote:

> I'd like to know how Squid resolves the remote host when handling an
> intercepted server-first bumped connection, so I'll be able to set up
> my network accordingly.

Using the destination address of the intercepted TCP connection, Squid securely connects to the origin server, receives the origin server SSL certificate, and generates a fake SSL certificate by mimicking origin server certificate properties. After all of the above, Squid secures the connection with the client by performing an SSL handshake using the fake SSL certificate.

Alex.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Received on Thu Nov 15 2012 - 08:53:21 MST
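
The quoted reply says Squid uses the destination address of the intercepted TCP connection. As an added illustration (not Squid's code and not part of the original thread), this is how a Linux process typically recovers that address: `getsockopt(SO_ORIGINAL_DST)`, which is answered from the local netfilter conntrack table. The names `original_dst` and `loopback_demo` are hypothetical, and the loopback connection is constructed sample input.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value from <linux/netfilter_ipv4.h> */
#endif

/* Returns 1 if the client's original destination differs from this socket's
 * local address (local NAT redirected it), 0 if the same, -1 on error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    struct sockaddr_in local;
    socklen_t len = sizeof(local);
    if (getsockname(fd, (struct sockaddr *)&local, &len) < 0)
        return -1;
    len = sizeof(*dst);
    /* Answered from this host's own conntrack table only. */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) < 0)
        *dst = local; /* no record: only the local address is known */
    return dst->sin_addr.s_addr != local.sin_addr.s_addr ||
           dst->sin_port != local.sin_port;
}

/* Constructed demo: one loopback connection with no NAT rule in place. */
int loopback_demo(int *port_ok)
{
    struct sockaddr_in a = {0}, dst;
    socklen_t len = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0), as, rc = -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (bind(ls, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&a, &len) == 0 &&
        connect(cs, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (as = accept(ls, NULL, NULL)) >= 0) {
        rc = original_dst(as, &dst);
        *port_ok = dst.sin_port == a.sin_port;
        close(as);
    }
    close(cs); close(ls);
    return rc;
}

int main(void)
{
    int ok = 0;
    return loopback_demo(&ok) != 0 || !ok; /* exit 0: not redirected */
}
```

With no local redirect rule the recovered address equals the socket's own local address, so `original_dst` returns 0.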

This archive was generated by hypermail 2.2.0 : Thu Nov 15 2012 - 12:00:07 MST