[squid-users] RE: transparent https interception without mitm

From: James Harper <james_at_ejbdigital.com.au>
Date: Fri, 11 Jul 2014 12:24:17 +0000

>
> Is it possible for squid to intercept and apply ACLs to https without actually
> decrypting and generating certificates etc? The conversation would go
> something like:
>

It actually almost works if I put a dummy cert on the https_port config line with ssl-bump, but then use none for ssl_bump. In order to parse the dstdomain, I assume squid must be getting the cert CN first, right? Unfortunately, it seems to throw the details it gathered away after checking what bump to use, as all I get in there is the destination IP. Logging %ssl::>cert_subject just shows "-".

James
Received on Fri Jul 11 2014 - 12:24:27 MDT
