Hey Amos,
I am not talking about the port 443 https. lets talk about port 80
ssl/http. I have configured the ip-tables correctly to re-direct my
traffic to squid.Now how will the ssl_bump feature behave when
configured as transparent. For me it was not working and is the
problem.
-talha
On Wed, Apr 11, 2012 at 6:11 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 11/04/2012 11:43 p.m., Matus UHLAR - fantomas wrote:
>>
>> On 11.04.12 16:01, Ahmed Talha Khan wrote:
>>>
>>> So whats the advantage of the ssl_bump feature left then if it cannot
>>> act as an ssl endpoint. Does squid not support ssl end-point
>>> termination?
>
>
> Yes. Squid supports ssl end-point termination ...
>
> That is what the 's' in https_port means. Before anything else happens a new
> connection gets SSL negotiated and decrypted using the certificate details
> configured.
>
> Now, take an HTTPS connection, decrypt it with an https_port end-point. What
> is left that you expect ssl-bump to do exactly?
>
>
>>
>> I don't think so. Note that redirecting connection to your own machine and
>> behave as the server is called "man-in-the-middle" attack, and it is a
>> security breach. SSL was designed to make secret, encrypted end-to-end
>> connection between browser and a final server and it should remain so.
>>
>
>
> Amos
>
-- Regards, -Ahmed Talha KhanReceived on Wed Apr 11 2012 - 18:16:30 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 12 2012 - 12:00:02 MDT