Re: SSL- Squid - proxy!

From: Paul Boyer <Paul.Boyer@dont-contact.us>
Date: Wed, 01 Nov 2000 16:59:40 +0100

The way I understand the initial question was to proxy SSL WITH
BROWSER KNOWLEDGE.
This would be of great help, for example, in accelerator mode:

client --- ssl ---> Squid --- http ---> server

1- The web server would not have to handle the encryption task: gain
of performance and possibility to use an existing web server without
good ssl support
2- The traffic could be monitored for hostile activity by an intrusion
detection tool (let's say snort) on the hub between the squid and the
Web server

I agree with you, that kind of tool would also be useful for some bad
guys willing to set up a man-in-the-middle attack.

Anyway, Macrosoft "proxy server" has been able to do it for several years.

Paul Boyer

Henrik Nordstrom wrote:
>
> senthilvasan wrote:
> >
> > I realise that squid can only tunnel SSL. Do you know any other SSL proxy
> > that works like a real proxy, (decrypts and encrypts in the proxy level)? If
> > I find such a proxy, all my problems will be solved..
>
> As I said, you CANNOT DO THAT unless you first crack the SSL
> encryption. The browser will reject the SSL connection if touched by
> any host not knowing the private encryption key of the server.
>
> It is not a matter of Squid. It is a matter of how SSL works.
>
> --
> Henrik Nordstrom
> Squid hacker
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Wed Nov 01 2000 - 09:07:29 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:13 MST