Re: [squid-users] SSLBump.. could it be used for transparent proxying?

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Tue, 19 Jan 2010 20:12:03 -0700

On 01/19/2010 05:57 PM, Dimitri Syuoul wrote:

> Thank you... for the inmense amount of users who have been waiting
> years.. is there any opportunity that you can release a patch to the
> stable version for this feature to be enabled.. so that we dont have
> to compile the 3.1 beta?

Sorry, but our cycles are probably better spent on moving forward than
on backporting. I hope there are are even more users waiting for other
features on the to-do list.

> Do you know of any opensource alternatives to this solution?

Not sure what you mean. SSL Bump is open source; it is a part of Squid.
The new dynamic SSL certificate generation code will be submitted for
the Squid Project review shortly as well. I am waiting for the final
round of test results to post the patch to squid-dev.

Cheers,

Alex.

> On Tue, Jan 19, 2010 at 5:38 PM, Alex Rousskov
> <rousskov_at_measurement-factory.com> wrote:
>> On 01/13/2010 10:30 AM, Dimitri Syuoul wrote:
>>> Hello,
>>>
>>> Ive been reading over this new feature. It is unclear to me if this
>>> can be used for transparently proxying SSL (by this I mean not
>>> configuring any proxy in the computers of the clients.. it is ok if
>>> clients get cert warnings).
>> Yes, SSL Bump can be used in a transparent environment.
>>
>> Due to a large number of certificate warnings, complex sites that use
>> multiple secure servers on one page are barely usable without dynamic
>> SSL certificate generation though.
>>
>> HTH,
>>
>> Alex.
Received on Wed Jan 20 2010 - 03:12:00 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 20 2010 - 12:00:04 MST