Re: [squid-users] Using squid as transparent proxy causes problem with pages on https

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Fri, 13 Apr 2012 12:17:14 +0500

What about the looping in the browser? Why getting re-directed to the
same URL again? I have posted this as a separate question on the
forum. How is it possible, in what configuration to access https pages
while running squid? You may want to answer on the 2nd
question. Thanks

-talha

On Fri, Apr 13, 2012 at 12:03 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 12/04/2012 10:08 p.m., Ahmed Talha Khan wrote:
>>
>> Also
>> Will "transparent" work on https_port? The browser makes a connection of
>> 443 which I redirect to squid. So will it let the webpages open? They
>> are not opening for me
>
>
> On Squid 3.0 and 2.x yes (3.1+ use "intercept" now). All it does is tell
> Squid to lookup the local kernel NAT tables for client IP information
> instead of trusting the TCP packet, and that the request should have some
> other special origin server specific processing applied.
>
> The problem with https_port intercept has always been, and remains in the
> current Squid, that the SSL certificate sent to the client does not match
> the domain the client is contacting. They get a TLS security alert message
> on every new connection attempt. The dynamic cert generation feature in 3.2
> helps, but intercepted HTTPS still mostly lacks the domain name details the
> generator needs to produce a valid cert (requires SSL SNI feature, which is
> *legally* risky for most of us devs to implement; no technical problem).
>
> Amos
>

-- 
Regards,
-Ahmed Talha Khan
Received on Fri Apr 13 2012 - 07:17:20 MDT
