[squid-users] Redirect after sslbump teminate

Antony Stone Antony.Stone at squid.open.source.it
Mon Jun 13 09:01:34 UTC 2016


On Monday 13 June 2016 at 10:51:35, Eng Hooda wrote:

> Thank You for your response.
> Using the certificate is something I want to avoid.
> So I think it's acceptable as it is now.
> 
> I searched again and found an explanation , copied below FYI.
> 
> "To serve an HTTP error to an SSL client, Squid has to establish an SSL
> connection with that client."

Yes, but the point is that the client originally requested an SSL connection 
to a particular server, and if it gets a reply (even though it is an SSL 
reply) back from something with a certificate which doesn't match that server, 
the client will complain, showing a security alert to the user.


Antony.

-- 
"this restriction will not apply in the event of the occurrence (certified by 
the United States Centers for Disease Control or successor body) of a 
widespread viral infection transmitted via bites or contact with bodily fluids 
that causes human corpses to reanimate and seek to consume living human flesh, 
blood, brain or nerve tissue and is likely to result in the fall of organized 
civilization."

 - https://aws.amazon.com/service-terms/ paragraph 57.10

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list