Leonardo Carneiro - Veltrac wrote:
>
> Amos Jeffries wrote:
>> Some factums worth knowing:
>>
>> * 3.0 does not support sslBump or any other form of HTTPS
>> man-in-middle attacks. 3.1 is required for that.
>>
>> * sslBump in 3.1 requires that the client machines all have a CA
>> certificate installed to make them trust the proxy for decryption.
>>
>> * sslBump requires clients to be configured for using the proxy.
>> (Some of the 'transparent' above work this way some do not.)
>>
>> Amos
> Hi Amos. What is the vantage of use sslBump if I cannot use a
> transparent proxy with it? Is the ability to cache SSL content?
> Tks in advance.
Somewhat. Mostly for corporate networks AV scanning or filtering HTTPS
connections.
Amos
-- Please be using Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25 Current Beta Squid 3.1.0.18Received on Wed Mar 24 2010 - 12:37:01 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 24 2010 - 12:00:06 MDT