[squid-users] squid 3.3.8 https (Yuri Voinov)

Amos Jeffries squid3 at treenet.co.nz
Mon Aug 8 23:05:35 UTC 2016


On 9/08/2016 9:54 a.m., Erdosain9 wrote:
> but, it's possible to do with this version?? (3.3.8).... I have CentOS 7 and
> that's the official packet.

With difficulty. HTTPS was designed to prevent MITM being possible. So
the Squid SSL-Bump feature(s) have been in an arms race situation with
the whole security community since before it was even designed. It is
still quite volatile with changes to how bumping works right up to the
very latest releases.

If you want to SSL-Bump traffic you really need to be following the
latest changes. Old packages will have an increasing number of sites
where it suddenly stops working because they fixed the security hole
that old version was using. Or added some new TLS extension the old
version is not aware of.


The <http://wiki.squid-cache.org/KnowledgeBase/CentOS> page lists where
you can get more up-to-date packages for CentOS.

Amos


