[squid-users] SSL intercept in explicit mode

Yuri yvoinov at gmail.com
Tue Mar 13 16:10:13 UTC 2018


Moreover,

SSL Bump combines with interception/explicit proxy in one setup.

And works perfectly.


13.03.2018 21:14, Marcus Kool wrote:
> "SSL bump" is the name of a complex Squid feature.
> With ssl_bump ACLs one can decide which domains can be 'spliced' (go
> through the proxy untouched) or can be 'bumped' (decrypted).
>
> Interception is not a requirement for SSL bump.
>
> Marcus
>
> On 13/03/18 11:44, Danilo V wrote:
>> I mean SSL bump in explicit mode.
>> So intercept is an essential requirement for running SSL bump?
>>
>> On Tue, 13 Mar 2018 at 11:10, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>>
>>     On 13.03.18 13:44, Danilo V wrote:
>>      >Is it possible/feasible to configure squid in explicit mode with ssl
>>      >intercept?
>>
>>     explicit is not intercept, intercept is not explicit.
>>
>>     explicit is where browser is configured (manually or automatically via WPAD)
>>     to use the proxy.
>>
>>     intercept is where network device forcefully redirects http/https connections
>>     to the proxy.
>>
>>     maybe you mean SSL bump in explicit mode?
>>
>>      >Due to architecture of my network it is not possible to implement
>>      >transparent proxy.
>>
>>     excuse me?
>>     by "transparent" people mean what we usually call "intercept".
>>
>>      >What would be the behavior of applications that don't support proxy - i.e.
>>      >don't forward requests to proxy?
>>
>>     they must be intercepted.
>>
>>     --
>>     Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>>     Warning: I wish NOT to receive e-mail advertising to this address.
>>     Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users at lists.squid-cache.org
>>     http://lists.squid-cache.org/listinfo/squid-users
>>

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************
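
The combined setup discussed in this thread, as an added squid.conf sketch that is not taken from any poster's configuration: one explicit port and one intercept port, both with SSL bump, and ssl_bump ACLs choosing which domains are spliced or bumped. Port numbers, file paths, the helper location and the example domains are assumptions; option names follow Squid 3.5/4 syntax.

```conf
# Added example; all ports, paths and domains below are assumptions.

# Explicit (forward) proxy port: browsers are configured manually or via
# WPAD to use it. ssl-bump lets Squid act on their CONNECT tunnels.
# (Squid 4 prefers tls-cert= over cert= for the signing CA.)
http_port 3128 ssl-bump cert=/etc/squid/ssl/bumpCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Intercept port: a network device redirects port-443 connections here,
# covering applications that cannot be configured to use a proxy.
https_port 3129 intercept ssl-bump cert=/etc/squid/ssl/bumpCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that generates per-host certificates signed by the CA above.
# Squid 4 helper name shown; Squid 3.5 ships it as ssl_crtd.
# The install path varies by distribution.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Step 1: peek at the TLS ClientHello to learn the requested server name.
acl step1 at_step SslBump1
ssl_bump peek step1

# Domains that go through the proxy untouched (spliced).
acl no_bump ssl::server_name .bank.example .pinned-app.example
ssl_bump splice no_bump

# Everything else is decrypted (bumped). Clients must trust bumpCA.pem,
# otherwise they will see certificate errors on bumped sites.
ssl_bump bump all
```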
