<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
To return to Earth:<br>
<br>
I think a good idea is built-in (maybe in ssl_crtd?) functionality
to check a port 443 connection for "Is there HTTPS inside?" and, if not, do
not bump by default.<br>
<br>
This is so simple and fast, isn't it? And we can have some config
option to disable this function... Or not...<br>
<br>
;)<br>
<br>
05.01.2015 2:17, Douglas Davenport wrote:<br>
<span style="white-space: pre;">> I saw a very similar feature in
ufdbGuard which is a URL filter implemented as a Squid Redirector.
They have a feature which probes the destination server for a
valid HTTPS cert in parallel to the user's connection and
terminates it if it turns out not to be a valid HTTPS cert. Their
code is open source, maybe this could be helpful in creating such
a helper?<br>
><br>
> <a class="moz-txt-link-freetext" href="http://www.urlfilterdb.com/home.html">http://www.urlfilterdb.com/home.html</a><br>
><br>
> On Sat, Jan 3, 2015 at 3:45 AM, Yuri Voinov <<a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>> wrote:<br>
><br>
><br>
> The term "HTTPS" is often used as "any connection over port 443"....<br>
><br>
> 03.01.2015 13:59, Jason Haar wrote:<br>
> > On 01/01/15 00:11, James Harper wrote:<br>
> >> The helper connects to the IP:port and tries to obtain the<br>
> >> certificate, and then caches the result (in an sqlite database). If it<br>
> >> can't do so within a fairly short time it returns failure (but keeps<br>
> >> trying a bit longer and caches it for next time). Alternatively if the<br>
> >> IP used to be SSL but is now timing out it returns the previously cached<br>
> >> value. Negative results are cached for an increasing amount of time each<br>
> >> time it fails, on the basis that it probably isn't SSL.<br>
> > That sounds great James! I'd certainly like to take a look at it too<br>
> ><br>
> > However, you say "SSL" - did you mean "HTTPS"? ie discovering an ip:port<br>
> > is an IMAPS server doesn't really help squid talk to it - surely you want<br>
> > to discover HTTPS servers - and everything else should be<br>
> > pass-through/splice?<br>
><br>
></span><br>
<br>
<br>
<br>
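Added example, not part of the original messages and not James Harper's or ufdbGuard's code: a Python sketch of the probe-and-cache behaviour quoted above (sqlite cache, a stale positive result reused when the server times out, negative results cached for a growing time), with the probe also checking that HTTP is spoken inside TLS. The TTL constants, the table layout and the names ProbeCache and https_probe are assumptions.<br>

```python
import socket, sqlite3, ssl, time

POS_TTL = 3600       # assumption: positive results cached for 1 hour
BASE_NEG_TTL = 60    # assumption: first negative result cached for 60 s

def https_probe(ip, port, timeout=2.0):
    """True: TLS with HTTP inside; False: anything else; None: timed out."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the probe only asks "is it HTTPS?";
    ctx.verify_mode = ssl.CERT_NONE  # it does not decide whether the cert is trusted
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            with ctx.wrap_socket(s) as t:
                t.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                return t.recv(5) == b"HTTP/"   # IMAPS etc. send their own banner
    except socket.timeout:
        return None
    except OSError:                  # ssl.SSLError is a subclass of OSError
        return False

class ProbeCache:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS probe (ip TEXT, port INT, "
                        "ok INT, fails INT, expires REAL, PRIMARY KEY (ip, port))")

    def decide(self, ip, port, probe=https_probe, now=None):
        """Return "bump" or "splice" for ip:port, probing only when the cache is stale."""
        now = time.time() if now is None else now
        row = self.db.execute("SELECT ok, fails, expires FROM probe "
                              "WHERE ip=? AND port=?", (ip, port)).fetchone()
        if row and now < row[2]:
            return "bump" if row[0] else "splice"    # cached answer still fresh
        result = probe(ip, port)
        if result is None and row and row[0]:
            return "bump"          # used to be HTTPS, now timing out: keep old value
        if result:
            ok, fails, ttl = 1, 0, POS_TTL
        else:                      # failure or first-time timeout: back off 60, 120, 240 s ...
            fails = (row[1] if row else 0) + 1
            ok, ttl = 0, BASE_NEG_TTL * 2 ** (fails - 1)
        self.db.execute("INSERT OR REPLACE INTO probe VALUES (?,?,?,?,?)",
                        (ip, port, ok, fails, now + ttl))
        self.db.commit()
        return "bump" if ok else "splice"
```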
</body>
</html>