[squid-users] ssl-bump doesn't like valid web server
Eliezer Croitoru
eliezer at ngtech.co.il
Mon Feb 2 13:23:33 UTC 2015
Hey Steve,
On what OS are you running Squid? Is it a self-compiled one?
Eliezer
On 02/02/2015 14:09, Steve Hill wrote:
>
> I'm pretty sure this is incorrect - I'm running Squid 3.4 without
> ssl_crtd, configured to bump server-first. The cert= parameter to the
> http_port line points at a CA certificate. When visiting an https site
> through the proxy, the certificate sent to the browser is a forged
> version of the server's certificate, signed by the cert= CA. This
> definitely seems to be server-first bumping - if the server's CA is
> unknown, Squid generates an appropriately broken certificate, etc. as
> you would expect.
>
> Am I missing something?