Re: [squid-users] Issues with ssl-bump in 3.HEAD

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 13 Jun 2014 09:02:31 -0600

On 06/12/2014 08:36 PM, Mike wrote:

> So then next question is how do I know for sure ssl-bump is working?

A simple test is to look at the root CA certificate shown by the browser
at the *top* of the certificate chain for a secure (https) site. Please
note that you should not be looking at the site certificate. You should
be looking at the certificate that was used to sign the site certificate
(or the certificate that was used to sign the certificate that was used
to sign the site certificate, etc. -- go to the root of the certificate
chain).

If that root certificate is yours, then the site was bumped. If it is an
"official" root CA from a "well-known" company, the site was not bumped.

To check SslBump for many sites, you have to examine Squid logs which is
more difficult, especially if you test this with a mix of secure and
insecure traffic.

HTH,

Alex.
Received on Fri Jun 13 2014 - 15:02:50 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 13 2014 - 12:00:06 MDT