[squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

Yuri Voinov yvoinov at gmail.com
Mon Jul 6 12:41:34 UTC 2015


06.07.15 18:06, Amos Jeffries wrote:
> On 6/07/2015 9:30 p.m., adam900710 wrote:
>>
>> Here is some of my experiments:
>> 1) Remove "never_direct"
>> Then ssl_bump works as expected, but all traffic doesn't go through
>> the SOCKS5 proxy. So a lot of sites I can't access.
>>
>> 2) Use local 8118 proxy
>> That works fine without any problem, but SSL_dump is needed...
>> So that just proves privoxy is working.
>>
>> Any clue?
>
>> Also, if I disable "ssl_bump" at http_port line, squid works without
>> any problem just as a forwarder.
>> But that makes no sense anyway.
>
> Makes perfect sense. Would you like anybody to be able to decrypt your
> HTTPS traffic and send it as plain-text wherever they want?
Disagree. Not anybody, but anything. Like SpamAssassin reads my mail. And
so what?
>
>
> Squid does not permit that. All inbound encrypted traffic must one way
> or another leave upstream only by encrypted channels.
Aha, without caching. And will we need a caching proxy this way?
>
>
> Amos
>
