----- "Amos Jeffries" <squid3_at_treenet.co.nz> wrote:
> Shawn Wright wrote:
> > Got it working after closer inspection of tcpdump output, which
> > revealed a routing problem.
> >
> > Now I need to move on to SSL traffic. We are using Squid 2.6-20 in
> > production, so clearly we need to upgrade to use SSLbump. Which
> > version of squid is considered most stable for use with SSLbump, in
> > conjunction with many ACLs and delay pools?
> >
> > Thanks
> >
>
> I should mention that SSL Bump only works for browsers configured
> explicitly to know the proxy is there and also to trust the proxy
> generated SSL certificates.
I have seen a few people mentioning it can work in transparent (redirect) mode, but I'd rather not venture into unsupported territory in a production environment. Our focus now is to get the most seamless solution using NAT for SSL traffic, and transparent proxy for HTTP traffic, while still providing as much control over SSL as possible.
We use OpenDNS for filtering, but NAT of SSL will not allow us to prevent a user from specifying an HTTPS proxy by IP. This is a problem...
Received on Fri Aug 27 2010 - 15:39:04 MDT