[squid-users] could sslbump handle client certs better?

Jason Haar Jason_Haar at trimble.com
Wed Nov 5 22:35:37 UTC 2014


I haven't tested this so I may be embarrassing myself, but I doubt
client certs and sslbump play nicely together as the end-server would
never see any possible client cert interaction.

I was wondering how quickly the need of a client cert is announced?
Could/does squid notice the server requirement for client certs and fall
back into passthrough mode? It would certainly be a great option to
have. i.e. force most https traffic through sslbump, but allow squid to
bypass it for the (very) few sites that require client certs. Some may
want to turn off such a feature, but most would probably be like me and
purely interested in using sslbump for enabling SSL content filtering,
and I really doubt we'll be seeing many viruses via client-cert
protected https any time soon ;-)

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
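
Added example, not part of the original post and not Squid's code: in an initial TLS 1.2-or-earlier handshake the server asks for a client certificate with a cleartext CertificateRequest message (handshake type 13) sent before ServerHelloDone, so the need is visible in the server's first flight. The Python below detects it in a record stream; function names and sample bytes are constructed for illustration, and it does not cover requests made later via renegotiation or under TLS 1.3, where the message is encrypted.

```python
import struct

HANDSHAKE = 22            # TLS record content type
CERTIFICATE_REQUEST = 13  # handshake msg_type values from RFC 5246
SERVER_HELLO_DONE = 14

def handshake_types(stream: bytes) -> list:
    """List handshake msg_types in a cleartext TLS <= 1.2 record stream."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype != HANDSHAKE or pos + 5 + length > len(stream):
            break  # non-handshake record or truncated capture
        buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    types, off = [], 0
    # Handshake messages may span records, so walk the reassembled buffer.
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        if off + 4 + mlen > len(buf):
            break  # message not fully received yet
        types.append(buf[off])
        off += 4 + mlen
    return types

def wants_client_cert(stream: bytes):
    """True/False once the server flight is complete, None if still undecided."""
    types = handshake_types(stream)
    if CERTIFICATE_REQUEST in types:
        return True
    return False if SERVER_HELLO_DONE in types else None

# --- constructed sample data (message bodies are placeholders, never parsed) ---
def msg(mtype: int, body: bytes = b"") -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def records(payload: bytes, size: int) -> bytes:
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return b"".join(struct.pack("!BHH", HANDSHAKE, 0x0303, len(c)) + c for c in chunks)

FLIGHT_PLAIN = msg(2, b"\x00" * 38) + msg(11, b"\x00" * 60) + msg(14)
FLIGHT_MTLS = msg(2, b"\x00" * 38) + msg(11, b"\x00" * 60) + msg(13, b"\x00" * 8) + msg(14)

if __name__ == "__main__":
    for name, flight in (("plain", FLIGHT_PLAIN), ("client-cert", FLIGHT_MTLS)):
        print(name, wants_client_cert(records(flight, 50)))
```
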


