Re: [squid-users] Cannot connect to real site ssl error when using SSL bump

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 26 Feb 2014 09:48:30 +1300

On 2014-02-25 22:17, kannan rbk wrote:
> In our office, we are using squid to restrict users to connect only to
> particular web sites and urls. If a user is connecting to a web page via
> https, url_regex acl will not work. In a https request, we have
> control over the domain only. But we need to restrict on url level. So, we
> used ssl bump to intercept the https requests. It's working fine, but
> we got some ssl warnings in the browser.
>
>
> Google Chrome Warning
>
> Cannot connect to the real ziopert.com
>
>
> Is it possible to intercept a ssl connection in bump without any
> browser warnings?

Only if you have a CA certificate installed in that browser AND if the
browser accepts your CA for that website. Chrome are taking a hard-line
stance on TLS being secure, rather than the loophole mess ssl-bump takes
advantage of.

You could try upgrading your proxy and using
http://wiki.squid-cache.org/Features/BumpSslServerFirst. That might
improve your situation a little, but there is not much hope as SSL was
designed to its core to detect third-parties accessing the encryption.

Amos
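An added illustration of the two conditions Amos names (a proxy CA installed in the client, and the client accepting that CA for the site), not code from the thread or from Squid: the Go program below plays both sides. It builds a private proxy CA, mints a per-host leaf certificate the way ssl_crtd does for each bumped origin, then runs the client-side verification once with the CA in the trust store and once without it. The CA name "Office Proxy CA", the key type, the validity periods and the use of ziopert.com from the question as the sample hostname are all assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ProxyCA is the private CA a bumping proxy signs per-host certificates with.
// Its certificate is the one that must be imported into every client's trust store.
type ProxyCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewProxyCA builds a self-signed CA certificate (assumed name, one-year validity).
func NewProxyCA(name string) (*ProxyCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ProxyCA{Cert: cert, Key: key}, nil
}

// MintHostCert does what Squid's ssl_crtd helper does per bumped origin: issue a
// leaf certificate carrying the origin hostname, signed by the proxy CA.
func (ca *ProxyCA) MintHostCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(30 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BrowserAccepts runs the checks a client performs on the proxy-minted leaf:
// chain to a root in its trust store, hostname match, server-auth usage.
// roots stands in for the browser's trust store; an empty pool models a
// browser in which the proxy CA was never installed.
func BrowserAccepts(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	if roots == nil {
		roots = x509.NewCertPool() // nil would silently fall back to system roots
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		DNSName:   host,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// IsUnknownAuthority reports whether the failure is "issuer not trusted", which
// is the case behind the browser warning when the proxy CA is missing.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	ca, _ := NewProxyCA("Office Proxy CA")
	leaf, _ := ca.MintHostCert("ziopert.com")
	withCA := x509.NewCertPool()
	withCA.AddCert(ca.Cert)
	fmt.Println("CA installed:    ", BrowserAccepts(leaf, withCA, "ziopert.com"))
	fmt.Println("CA not installed:", BrowserAccepts(leaf, x509.NewCertPool(), "ziopert.com"))
}
```

Two caveats worth keeping in mind when reading this against a real deployment. First, the check here is only the generic X.509 one; a browser may additionally refuse the proxy CA for a given site on its own grounds (the "browser accepts your CA for that website" condition in the reply), and nothing a proxy does can satisfy that. Second, with server-first bumping the proxy validates the origin's real certificate before minting its own, so keep the proxy configured to refuse to bump origins whose certificate fails validation; otherwise the minted leaf hides a bad upstream certificate from every client behind the proxy.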
Received on Tue Feb 25 2014 - 20:48:35 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 26 2014 - 12:00:06 MST