Now it make more sense to me.
Yes, right now I am only seeing plain text ICAP headers for all https
traffic. But I see whole payload for http traffic on ICAP port. Which you
already mentioned that squid sends http message if it is able to parse it.
As you say that ssl-bump will convert CONNECT to series of http request. I
tried tcpdump on port 3128 (squid)/80/443/1344(ICAP) . But in all this case
I only see unencrypted HTTP request for https traffic. However not able to
see payload.
Does ssl-bump decrypt the payload as well and make it available as plain
text. ???
-- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/https-traffic-using-squid-and-icap-tp4660720p4660733.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Fri Jun 21 2013 - 01:50:05 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT