[squid-users] Squid 3 SSL bump: Google drive application could not connect
Yuri Voinov
yvoinov at gmail.com
Sun Jan 4 20:26:32 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
To return to Earth:
I think, a good idea is built-in (ma be, in ssl_crtd?) functionality to
check 443 port connection for "Is an HTTPS inside?" and if no, do not
bump by default.
This is so simple and fast, is it? And we can have some config option to
disable this function.......Or not.....
;)
05.01.2015 2:17, Douglas Davenport пишет:
> I saw a very similar feature in ufdbGuard which is a URL filter implemented as a Squid Redirector. They
have a feature which probes the destination server for a valid HTTPS
cert in parallel to the user's connection and terminates it if it turns
out not to be a valid HTTPS cert. Their code is open source, maybe this
could be helpful in creating such a helper?
>
> http://www.urlfilterdb.com/home.html
>
> On Sat, Jan 3, 2015 at 3:45 AM, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>
> Term "HTTPS" often uses as "Any connect over 443 port"....
>
> 03.01.2015 13:59, Jason Haar пишет:
> > On 01/01/15 00:11, James Harper wrote:
> >> The helper connects to the IP:port and tries to obtain the
> certificate, and then caches the result (in an sqlite database). If it
> can't do so within a fairly short time it returns failure (but keeps
> trying a bit longer and caches it for next time). Alternatively if the
> IP used to be SSL but is now timing out it returns the previously cached
> value. Negative results are cached for an increasing amount of time each
> time it fails, on the basis that it probably isn't SSL.
> > That sounds great James! I'd certainly like to take a look at it too
>
> > However, you say "SSL" - did you mean "HTTPS"? ie discovering a ip:port
> > is a IMAPS server doesn't really help squid talk to it - surely you want
> > to discover HTTPS servers - and everything else should be
> > pass-through/splice?
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUqaH3AAoJENNXIZxhPexG+VAH/3+fQfAUA1IdCXTdvZXjR2Ih
2AAa2d/mPOQtk1RNTk7PUxp1tIuUVt054euuwnhxItGSIb6OB7U2fTHK1k3BF+ta
BG6fyghpKYFBHJkloYX6m45g7K3vgpKEjVPDQZuaUz1CBZ67ie/ThngxmgNwFqaO
HbDvcX6FnvYeplRDrsx8DATD7fqujw5wy6ZI+23bXAOf4j7PO6zwIeoh4hSkMhr/
7ZRBYv2T6iYh+sL3XiYgVh9fWcGy2O2ovJLW/2AA4YXnlEAGLgbgVZCiF6jIdomn
iSiel6enLOCDneLsMcW1h+n7HNTTpv6N2D5ATMEcf8kz3ACmH99mBhk2bh9jQ94=
=Iw5c
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150105/69a505dd/attachment.html>
More information about the squid-users
mailing list