[squid-users] SSLBump non-HTTPs connections

Amos Jeffries squid3 at treenet.co.nz
Wed Jun 8 09:20:52 UTC 2016

On 2/06/2016 6:33 p.m., Peter Viskup wrote:
> Hello all,
> just wondering whether it is possible to perform SSLBump/SSLSplit for
> non-HTTPs connections. At the moment we are interested in FTPs.

Only protocols supported for regular proxying by Squid can be
SSL-Bumped. There is no point in doing it for a protocol that will just
get a TCP RST.

FTP is in a grey area since Squid now supports relaying it. But AFAIK we
only support regular un-encrypted FTP. I might be wrong though so you
could give it a go.

> We are running Squid 3.4.2 version.

If you are going to MITM the TLS layer use the latest Squid version and
keep up to date. TLS is undergoing an arms race and older versions don't
work reliably for very long. Changes appear to have slowed a bit
recently, but still the oldest fully/properly working version is the
current 3.5.19.


