Re: [squid-users] Using squid as transparent proxy causes problem with pages on https

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Wed, 11 Apr 2012 16:50:05 +0500

Hey Matus,

I understand that issue. What I am saying is that I was able to
ssl_bump into the connections (I offloaded content to an ICAP server
and could see the de-ciphered text and logins) when I configured the
proxy in my browser. In that case squid acted like an ssl-endpoint?
And now in the case of transparently doing it, it is unable to do it?
Correct me if I am wrong.

regards,
-talha

On Wed, Apr 11, 2012 at 4:43 PM, Matus UHLAR - fantomas
<uhlar_at_fantomas.sk> wrote:
> On 11.04.12 16:01, Ahmed Talha Khan wrote:
>>
>> So what's the advantage of the ssl_bump feature left then if it cannot
>> act as an ssl endpoint? Does squid not support ssl end-point
>> termination?
>
>
> I don't think so. Note that redirecting a connection to your own machine and
> behaving as the server is called a "man-in-the-middle" attack, and it is a
> security breach. SSL was designed to make a secret, encrypted end-to-end
> connection between browser and a final server and it should remain so.
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> 99 percent of lawyers give the rest a bad name.

-- 
Regards,
-Ahmed Talha Khan
Received on Wed Apr 11 2012 - 11:50:11 MDT
