[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

Alex Rousskov rousskov at measurement-factory.com
Tue Nov 1 20:58:32 UTC 2016


On 11/01/2016 02:47 PM, Yuri Voinov wrote:

> if the SSL bump will be impossible to do -
> whether it should be understood that in such a situation you close the
> project Squid as unnecessary? :) Seriously, why does it then need to be
> in a world without HTTP?

Believe it or not, there are still many Squid use cases where bumping is
unnecessary. This includes, but is not limited to, HTTPS proxying cases
with peek/splice/terminate rules and environments where Squid possesses
the certificate issued by CAs trusted by clients. There are also IETF
attempts to standardize transmission of encrypted but proxy-cachable
content.

I agree that Squid user base will shrink if nobody can bump 3rd party
traffic, but that reduction alone will not kill Squid.

Alex.


More information about the squid-users mailing list