Re: [squid-users] Re: Squid log details - HTTPS tunnel detection

From: Adrian Chadd <adrian@dont-contact.us>
Date: Tue, 29 May 2007 00:18:40 +0800

You might want to include mean/median/distribution of read/write IO
sizes on SSL connections; you might find 'normal' SSL accesses
(even with AJAXed stuff?) have different access patterns versus command-line
SSL.

Are there any fingerprint bits in the SSL exchange which would tell
you it's at least SSL encrypted traffic, versus just traffic not tunneled
inside SSL? That's probably a good starting point.

Adrian
Received on Mon May 28 2007 - 10:17:29 MDT
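
The fingerprint check asked about in the message above, as an added example that is not part of the original post: the first client bytes inside a CONNECT tunnel are compared against the SSLv3/TLS record header and the SSLv2-format ClientHello. The function name, labels and sample bytes are constructed for illustration.

```python
import struct

def classify_tunnel_start(data: bytes) -> str:
    """Label the first client bytes of a CONNECT tunnel (hypothetical helper)."""
    if len(data) < 6:
        return "too-short"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # SSLv3/TLS record header: type 0x16 (handshake), version 3.0-3.3,
    # plaintext record length at most 2^14, and the first handshake
    # message is type 0x01 (ClientHello).
    if (ctype == 0x16 and major == 3 and minor <= 3
            and 0 < rec_len <= 16384 and data[5] == 0x01):
        return "tls-clienthello"
    # SSLv2-format ClientHello: 2-byte length with the high bit set,
    # message type 0x01, then version 0x0002 or 3.x.
    if (data[0] & 0x80 and data[2] == 0x01
            and (data[3:5] == b"\x00\x02" or data[3] == 3)):
        return "sslv2-clienthello"
    return "not-ssl"

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "tls": bytes.fromhex("160301002f0100002b0301"),
    "sslv2": bytes.fromhex("802e0103010015"),
    "ssh": b"SSH-2.0-example\r\n",
    "http": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, first_bytes in SAMPLES.items():
        print(name, "->", classify_tunnel_start(first_bytes))
```

This only shows that a tunnel opens with an SSL handshake; what follows the handshake is encrypted, which is where the IO-size statistics come in.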
