If squid is configured to use ICAP and the ICAP server supports
RESMOD, would the ICAP server be given the full response unencrypted?
On Mon, Feb 06, 2012 at 12:03:11AM +0100, Henrik Nordström wrote:
> On Sun 2012-02-05 at 14:12 -0500, PS wrote:
>
> > Shouldn't I be able to decrypt the connection between the client and the squid server in order to see the traffic that is being sent to gmail?
>
> Yes, if you are using ssl-bump, and you have access to the temp
> certificate used by Squid.
>
> But
> a) ssldump does not handle AES encryption. There are patches to add AES,
> but these have not made it into an official release yet, if there ever
> will be an updated official release.
> b) or a number of other more modern things such as DH exchanges
>
> so you may need to restrict the list of supported ciphers a bit for
> decryption to be possible.
>
> You may have better luck trying the SSL decoder found in wireshark. But
> it's not as easy to work with.
>
> And remember that you can only decode
> client<->squid_with_known_fake_cert traffic not squid<->server
>
> Another option would be to use mitmproxy. It does the same SSL intercept
> as Squid ssl-bump but for very different purposes. Which tool suits you
> best depends on what it really is you want to accomplish.
>
> Regards
> Henrik
>
-- James R. Leu jleu_at_mindspring.com
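
The two limits named in the quoted reply (DH exchanges cannot be decoded, and ssldump without the AES patches cannot decode AES) can be checked against a cipher list before a debugging capture. This is an added example, not part of the thread or of Squid; the function names and the sample cipher list are assumptions constructed for illustration, and suites are classified by their OpenSSL names only.

```python
import re

# Leading name tokens that mean the key exchange is NOT plain RSA.
# ("RSA" leads only RSA-PSK names; plain-RSA suites carry no prefix.)
NON_RSA_KX = {"DHE", "EDH", "ECDHE", "ADH", "AECDH", "DH", "ECDH",
              "PSK", "SRP", "RSA"}


def key_exchange(name):
    """Key-exchange family implied by an OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):
        return "TLS1.3"              # TLS 1.3 suites always use ephemeral (EC)DHE
    tokens = name.split("-")
    if tokens[0] == "EXP":           # export suites are named EXP-<rest>
        tokens = tokens[1:]
    if tokens[0] == "RSA":
        return "RSA-PSK"
    return tokens[0] if tokens[0] in NON_RSA_KX else "RSA"


def uses_aes(name):
    """True if any name token is an AES variant (AES128, AES256, AES)."""
    return any(t.startswith("AES") for t in re.split(r"[-_]", name))


def check(name, decoder_handles_aes=False):
    """Return (decodable, reason) for a passive decoder that holds only the
    proxy's RSA private key, under the two limits named in the thread."""
    kx = key_exchange(name)
    if kx != "RSA":
        return False, "key exchange is %s, not plain RSA" % kx
    if uses_aes(name) and not decoder_handles_aes:
        return False, "AES not handled by the decoder"
    return True, "RSA key exchange, cipher handled"


def decodable(names, decoder_handles_aes=False):
    """Subset of names that pass check(), in the original order."""
    return [n for n in names if check(n, decoder_handles_aes)[0]]


# Constructed sample list (OpenSSL names), not taken from the thread.
OFFERED = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA", "AES128-SHA",
           "DES-CBC3-SHA", "RC4-SHA", "EDH-RSA-DES-CBC3-SHA",
           "TLS_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for n in OFFERED:
        print("%-30s %s" % (n, check(n)))
    print("restricted cipher list:", ":".join(decodable(OFFERED)))
```

The resulting list only makes sense on a test proxy used for the capture, since it drops every forward-secret suite.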
This archive was generated by hypermail 2.2.0 : Mon Feb 06 2012 - 12:00:01 MST