[squid-users] sslBump adventures in enterprise production environment

Yuri Voinov yvoinov at gmail.com
Sun Nov 15 19:14:35 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
It's common knowledge. Squid is unable to pass an unknown protocol on
the standard port. Consequently, the ability to proxy this protocol does
not exist.

If it was simply a tunneling ... It is not https. And not just
HTTP-over-443. This is more complicated and very marginal protocol.

16.11.15 1:03, Eugene M. Zheganin пишет:
> Hi.
>
> On 15.11.2015 0:43, Walter H. wrote:
>> On 13.11.2015 14:53, Yuri Voinov wrote:
>>> There is no solution for ICQ with Squid now.
>>>
>>> You can only bypass proxying for ICQ clients.
>> from where do the ICQ clients get the trusted root certificates?
>> maybe this is the problem, that e.g. the squid CA cert is only
>> installed in FF
>> and nowhere else ...
> From nowhere. It's not even a HTTPS, its a tunneled HTTP CONNECT. But
> squid for some reason thinks there shoudl be a HTTPS inside.
>
> Eugene.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJWSNmbAAoJENNXIZxhPexGb3EH/iF1kJQvvNODlf8YysuYZofc
vXqGhM+BERZenp1OgMVWt0MDEianQ/4C2zIoOgvDqyMD10in5bMDo54mT0HShBEC
kP92NGPGmNTjJXWARUNWZAELx1Mzn+Z5XfY0ySxQDyHxpmkvpX/g7IE7uzdGiRJp
0Sn4x5WOUUbdUAbeSGTyC4rSpZr94vBDGHfWsKsCFaYqH2XkPCbrmg9YzxL20+6Q
W8UUtsval65Wima7QwyFEY08kIKP+mj1uOesQOM4A/Qd7jo+tsX86xdvXuAUiLo+
bgj2Hd3fEIijzb7c/sIZBO2OUnKPILiYe7UZr4nkFu6NB1f4FX2qYtHxXKT5BMQ=
=yhB5
-----END PGP SIGNATURE-----



More information about the squid-users mailing list