[squid-dev] Introduction / SslBump upstream ssl proxy support

Mihai Ene dkrandu at yahoo.com
Thu Jul 20 13:11:44 UTC 2017


Hello,
I'm a developer with experience in higher-level languages and very little commercial C++ development on my hands.
I've been following the SslBump feature for a while now, and this includes source code changes. SslBumping with upstream proxies was completely restricted when bug 3209 was patched in 2011; however, I believe the patch is too restrictive. I agree with Amos's statement that a plaintext information leak is highly unsafe, but the patch also prevents the use of SSL upstream proxies.
In order to prevent plaintext and still use upstream proxies, I propose the following changes (tested in intranet, in production) which enable upstream proxies after ssl bumping, as long as the proxies are ssl themselves:
- version 4.x https://github.com/randunel/squid4/commit/c91995833370771f9903b374f17a0d774643c2b3
- version 3.5.x https://github.com/randunel/squid3/commit/a72a47cf0d54bf17faefcfe7692182d82d6520ab

Best regards,
Mihai Ene
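
The condition stated in the message (bumped traffic may go to an upstream proxy only if that proxy is itself reached over SSL) can be checked against a configuration. The following is an added example, not part of the message or of the linked patches; the hostnames, paths and sample configuration are constructed, and the check assumes peer encryption is enabled by the bare `ssl` or `tls` option on `cache_peer`.

```python
# Added example: flag cache_peer entries that would receive bumped
# traffic in plaintext. Sample configuration below is constructed.

SAMPLE_CONF = """\
# constructed sample squid.conf fragment
http_port 3128 ssl-bump cert=/etc/squid/ca.pem
cache_peer plain.example.internal parent 3128 0 no-query
cache_peer tls.example.internal parent 8443 0 no-query ssl
ssl_bump bump all
"""

def directives(conf_text):
    """Yield (line_number, tokens) for each non-comment, non-empty line."""
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield number, line.split()

def bump_enabled(conf_text):
    """True if any listening port carries the ssl-bump flag."""
    return any(
        tokens[0] in ("http_port", "https_port") and "ssl-bump" in tokens[1:]
        for _, tokens in directives(conf_text)
    )

def plaintext_peers(conf_text):
    """Return [(line_number, hostname)] for peers lacking ssl/tls
    when SslBump is enabled on a listening port."""
    if not bump_enabled(conf_text):
        return []
    findings = []
    for number, tokens in directives(conf_text):
        # cache_peer hostname type http-port icp-port [options]
        if tokens[0] != "cache_peer" or len(tokens) < 5:
            continue
        options = tokens[5:]
        if not any(opt in ("ssl", "tls") for opt in options):
            findings.append((number, tokens[1]))
    return findings

if __name__ == "__main__":
    for number, host in plaintext_peers(SAMPLE_CONF):
        print(f"line {number}: peer {host} has no ssl/tls option")
```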