Re: [squid-users] intercepting SSL connections with client certificate

From: shawn wilson <ag4ve.us_at_gmail.com>
Date: Tue, 19 Nov 2013 11:18:39 -0500

Maybe try url_rewrite_program?
See: http://www.visolve.com/squid/squid26/externalsupport.php#url_rewrite_program

On Tue, Nov 19, 2013 at 9:54 AM, Shinoj Gangadharan
<sgangadharan_at_wavecrest.gi> wrote:
> Hi Eliezer,
>
> I need access log with url and time taken by the server for debugging some
> issues. I will be intercepting SSL only for a week or so till the issue is
> resolved.
>
> Regards,
> Shinoj.
>
> -----Original Message-----
>
> From: Eliezer Croitoru [mailto:eliezer_at_ngtech.co.il]
> Sent: Tuesday, November 19, 2013 8:01 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] intercepting SSL connections with client
> certificate
>
> Hey Shinoj,
>
> Your problem is not your own.
> The main issue with SSL is even intercepting it.
> I would not just say it on the law side of the matter.
>
> One of the issues is that SSL should be and end-to-end connection.
> In infrastructure that a SSL encryption is enabled the SSL end point in
> many cases do that as a SSL dedicated HW\SW node.
> Behind a SSL reverse proxy there can be a whole new Internet for example.
>
> So breaking the SSL is as you see a very complicated task.
> I would assume that when SSL interception is being done it means that
> these connections needs inspection and it is possible that a client
> certificate is not even allowed as a policy.
>
> I can think of a VPN solutions that use client side certificates.
>
> In this case I would assume that access to encrypted information from
> inside this place will be so restricted that only system and engineering
> staff will be allowed to access some places.
>
> Best Regards,
> Eliezer
>
> On 19/11/13 15:39, Shinoj Gangadharan wrote:
>> I guess I am stuck:)
>>
>> Thanks and Regards,
>> Shinoj.
Received on Tue Nov 19 2013 - 16:19:07 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 20 2013 - 12:00:04 MST