[squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

Yuri Voinov yvoinov at gmail.com
Mon Jul 6 13:20:44 UTC 2015




06.07.15 18:06, Amos Jeffries wrote:
> On 6/07/2015 9:30 p.m., adam900710 wrote:
>>
>> Here is some of my experiments:
>> 1) Remove "never_direct"
>> Then ssl_bump works as expected, but all traffic doesn't go through
>> the SOCKS5 proxy. So a lot of sites I can't access.
>>
>> 2) Use local 8118 proxy
>> That works fine without any problem, but SSL_dump is needed...
>> So that just proves privoxy is working.
>>
>> Any clue?
>
>> Also, if I disable "ssl_bump" at http_port line, squid works without
>> any problem just as a forwarder.
>> But that makes no sense anyway.
>
> Makes perfect sense. Would you like anybody to be able to decrypt your
> HTTPS traffic and send it as plain-text wherever they want?
Anybody already has the ability to decrypt our HTTPS traffic. This is
named "government".
>
>
> Squid does not permit that. All inbound encrypted traffic must one way
> or another leave upstream only by encrypted channels.
Websense does. Other commercial products and solutions do. So?
>
>
> Amos
