RE: [squid-users] controlling https tunnels

From: Elsen Marc <elsen@dont-contact.us>
Date: Wed, 4 Aug 2004 08:38:03 +0200

 
>
> But this does not say that on the remote 443 port it's an HTTP server...
>

 Of course and true.

>...
>
> But the user may just click accept on a security warning, also I want

That is the user's responsibility, and software or enforcement tools
won't be able to change the mind-security-state of a person.

> to eliminate applications that try to use HTTP CONNECT in order to
> tunnel other protocols than HTTP, such as instant messengers or p2p
> programs.
>

As stated, 443 is a standard for SSL servers; I don't think there will be too
many instant messengers and the like around offering services on that port, as it is also
privileged (for instance).
So that part of SQUID is a rough initial protection against the CONNECT
feature being abused (indeed).

M.
Received on Wed Aug 04 2004 - 00:41:48 MDT
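
Added example, not part of the original message and not Squid's own code: a Python script that audits Squid native-format access.log lines for the CONNECT behaviour discussed in this thread, flagging tunnels to ports outside the allowed set and long-lived tunnels on port 443 that a port check alone cannot classify. The log lines are constructed, and the allowed-port set, the 10-minute threshold and the function names are assumptions.

```python
# Added example: audit CONNECT entries in a Squid native-format access.log.
# Assumed field order: time elapsed_ms client result/status bytes method target ...
ALLOWED_CONNECT_PORTS = {443}  # assumption: proxy only permits CONNECT to 443

# Constructed sample lines (documentation addresses and example domains).
SAMPLE_LOG = """\
1091601483.101    250 192.168.1.10 TCP_MISS/200 3920 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1091601490.412      2 192.168.1.11 TCP_DENIED/403 1450 CONNECT chat.example.net:5190 - NONE/- text/html
1091601495.007 864000 192.168.1.12 TCP_MISS/200 98211034 CONNECT host.example.org:443 - DIRECT/192.0.2.20 -
1091601499.550     90 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
"""

def parse_connect(line):
    """Return a dict for a CONNECT entry, or None for other or malformed lines."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, _, port = f[6].rpartition(":")  # CONNECT targets are logged as host:port
    if not host or not port.isdigit() or not f[1].isdigit() or not f[4].isdigit():
        return None
    return {"client": f[2], "result": f[3].split("/")[0], "host": host,
            "port": int(port), "elapsed_ms": int(f[1]), "bytes": int(f[4])}

def audit(log_text, long_ms=600_000):
    """List (kind, client, target) findings for CONNECT entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        e = parse_connect(line)
        if e is None:
            continue
        if e["port"] not in ALLOWED_CONNECT_PORTS:
            # Denied means the port rule worked; anything else means the rule is missing.
            kind = "blocked-off-port" if e["result"] == "TCP_DENIED" else "ALLOWED-off-port"
        elif e["elapsed_ms"] >= long_ms:
            # The port rule cannot see what protocol runs inside the tunnel,
            # so a long-lived session on 443 is only a hint for manual review.
            kind = "long-tunnel-on-allowed-port"
        else:
            continue
        findings.append((kind, e["client"], f'{e["host"]}:{e["port"]}'))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```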
