Mikio Kishi wrote:
> Hi, Amos
>
>> HTTPS encrypted traffic cannot be intercepted.
>
> Yes, I know that. but, in this case, not "transparent".
>
>> (1) (2)
>>
>> | |
>> +------+ | +------------+ | +---------+
>> |WWW +---+ | | +----+ WWW |
>> |Client|.2 | .1| squid |.1 | .2| Server |
>> +------+ +-----+ + tproxy +----+ |(tcp/443)|
>> | | (tcp/8080) | | |(tcp/80) |
>> | +------------+ | +---------+
>> 192.168.0.0/24 10.0.0.0/24
>>
>> (1) 192.168.0.2 ------> 192.168.0.1:8080
>> ^^^^^
>> (2) 192.168.0.2 ------> 10.0.0.2:443
>> ^^^
>
> Just only thing I'd like to do is "source address spoofing"
> using tproxy.
>
> Does that make sense ?
No. Squid is perfectly capable of making HTTPS links outbound without
tproxy. The far end only knows that some client connected.
HTTPS cannot be spoofed, its part of the security involved with the SSL
layer.
What exactly are you trying to achieve with this?
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Thu Apr 09 2009 - 06:54:33 MDT
This archive was generated by hypermail 2.2.0 : Sun Apr 12 2009 - 12:00:03 MDT