On tor, 2008-05-29 at 21:23 +0800, Treker Chen wrote:
> And if i set "always_direct allow all" in squid.conf, then i can
> connect to https website without problem
Sounds like ssl bump handles decrypted https requests as accelerated
requests by default.. file a bug on that please.
> but i don't think the SSL
> Bump is work under this condition because i saw the certification of
> the website is valid. though at the begging browser will show up the
> warning of invalid ssl certificate.
That's due to the sslbump man-in-the-middle attack on SSL. There is ways
to hide that in controlled environments (like a corporate network with
centrally administered clients) but sslbump do not yet implement the
required fake certificate mangement.
Regards
Henrik
This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:14 MDT