On 29/07/2013 2:30 a.m., Eliezer Croitoru wrote:
> On 07/28/2013 03:37 PM, csn233 wrote:
>> To intercept HTTPS traffic, is SSL-bump a must? Even when I only want
>> to record the CONNECT traffic in access.log just like a normal forward
>> proxy without decrypting anything?
>>
>> Is this any different with TPROXY?
>>
> Indeed SSL-bump is a must..
> You will be able to record the CONNECT traffic when using:
> "sslbump deny all" like acl.
> I do not remember the exact way to do it but it is possible.
>
> Eliezer
Beyond the minor fact that there should be *no* CONNECT traffic on
intercepted port 80 or port 443 because CONNECT is a client-to-proxy
request method - which should only be seen on port 3128 or similar HTTP
proxy ports.
The current releases of Squid (3.3.8 and 3.4.0.1) should take
intercepted port-443 traffic and relay it untouched if there is no
decrypting done. They may convert it into a CONNECT if the traffic needs
relaying to a cache_peer, but otherwise it is just tunneled along to the
original destination server.
Amos
Received on Sun Jul 28 2013 - 23:21:38 MDT
This archive was generated by hypermail 2.2.0 : Mon Jul 29 2013 - 12:00:33 MDT