[squid-users] Squid 3 SSL bump: Google drive application could not connect
Douglas Davenport
doug1234 at digcorp.net
Sun Jan 4 20:17:20 UTC 2015
I saw a very similar feature in ufdbGuard which is a URL filter implemented
as a Squid Redirector. They have a feature which probes the destination
server for a valid HTTPS cert in parallel to the user's connection and
terminates it if it turns out not to be a valid HTTPS cert. Their code is
open source, maybe this could be helpful in creating such a helper?
http://www.urlfilterdb.com/home.html
On Sat, Jan 3, 2015 at 3:45 AM, Yuri Voinov <yvoinov at gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Term "HTTPS" often uses as "Any connect over 443 port"....
>
> 03.01.2015 13:59, Jason Haar пишет:
> > On 01/01/15 00:11, James Harper wrote:
> >> The helper connects to the IP:port and tries to obtain the
> certificate, and then caches the result (in an sqlite database). If it
> can't do so within a fairly short time it returns failure (but keeps
> trying a bit longer and caches it for next time). Alternatively if the
> IP used to be SSL but is now timing out it returns the previously cached
> value. Negative results are cached for an increasing amount of time each
> time it fails, on the basis that it probably isn't SSL.
> > That sounds great James! I'd certainly like to take a look at it too
> >
> > However, you say "SSL" - did you mean "HTTPS"? ie discovering a ip:port
> > is a IMAPS server doesn't really help squid talk to it - surely you want
> > to discover HTTPS servers - and everything else should be
> > pass-through/splice?
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBAgAGBQJUp6wSAAoJENNXIZxhPexGb8MH/irRYZBuoGjHZrpcI6kweMGv
> YqSjFYUasZ/hlDoN6bbJUKqAfeos0am0OuTy2FxOmA0YVxIEz6sJKj9FzeMJtOSW
> NTZk7IJ7mT6aRg+hKfW3JCEl68RcLb0J/eSNvG6QR6HcqHQODiEE489zcq+o+yn0
> Z45P1WwgQLv6PIIeNXnM7nFtA0ce3D54agu/fr7zC3c1Z72A04BMU0W4dFC9M6Ob
> T2NQz2CsSp+nIDFZjHTaZuBmw5ZjMtrsoO79FT5GyX1lT+tCR9angtI+TYSSis15
> o+/aw1U+yWScZXhdNUz/gjWLbW8WL/9ygVY43Y2laPII+WdlFhaJozEhr5h1e+A=
> =2f0+
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150104/a3bf9234/attachment.html>
More information about the squid-users
mailing list