[squid-users] Alert unknown CA
Amos Jeffries
squid3 at treenet.co.nz
Wed Feb 4 15:39:04 UTC 2015
On 4/02/2015 7:32 p.m., Jason Haar wrote:
> On 04/02/15 18:47, Daniel Greenwald wrote:
>> And happens to be one that squid desperately needs to remain in order
>> to continue ssl bumping..
> ...and is one that diminishes in value as cert pinning becomes more
> popular...
>
> It's a tough life: on the one hand we want to do TLS intercept in order
> to do content filtering of HTTPS (because the bad guys are deliberately
> putting more and more malware onto HTTPS websites), and yet on the other
> hand we all want some things to be private.
>
> Bring back RFC3514, then all of this would be easy!!!
>
While Squid is not able to be section-3 compliant due to lack of a
portable system API. By building with --disable-http-violations it
becomes mostly compliant with section-4 under its role as a network
protection gateway. ;-P
Amos
More information about the squid-users
mailing list