Re: [squid-users] [Fwd: ssl-bump and tunneling]

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Sat, 26 Apr 2014 22:43:31 +0300

Hey James,

Indeed there is a way.
It's kind of basic logic of interception.
SSL interception works with dst IP only as the basic level of the function.
When the SSL is being intercepted the only level of the connection
available is the IP and only after intercepting it becomes the level of
the domain from squid point of view.
There might be another way to "identify" the destination domain by the
certificate but it can be a fake one so I don't think it will be even done.

Regards,
Eliezer

On 04/26/2014 10:10 PM, James Lay wrote:
> Well there it is then...I've done the iptables thing to bypass these for
> now...is there any way to see exactly why these aren't functioning
> through as Intercepted? In any case thanks for the response..that does
> help me.
>
> James
Received on Sat Apr 26 2014 - 19:44:44 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 27 2014 - 12:00:05 MDT