Nyamul Hassan wrote:
> Hi,
>
> Some time ago, a sales pitch from a very well-known proxy vendor
> claimed to have SSL working seamlessly through their cache. Does
> anyone know of a commercial proxy solution that can work without this
> explicit config on the client side?

A TCP-level proxy is needed to legally do that. Squid does not pass
packets through anonymously, but requires the HTTP headers to be visible
for security checks.

HTTPS is designed specifically to prevent middleware decrypting traffic
without the client being informed. Which is why the client needs to
trust the proxy.
>
> On 2010-08-27, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Shawn Wright wrote:
>>> Got it working after closer inspection of tcpdump output, which revealed a
>>> routing problem.
>>>
>>> Now I need to move on to SSL traffic. We are using Squid 2.6-20 in
>>> production, so clearly we need to upgrade to use SSLbump. Which version of
>>> squid is considered most stable for use with SSLbump, in conjunction with
>>> many ACLs and delay pools?
>>>
>>> Thanks
>>>
>> I should mention that SSL Bump only works for browsers configured
>> explicitly to know the proxy is there and also to trust the proxy
>> generated SSL certificates.
>>
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.7
  Beta testers wanted for 3.2.0.1

Received on Fri Aug 27 2010 - 08:28:46 MDT