[squid-users] Redirect after sslbump teminate

Yuri Voinov yvoinov at gmail.com
Mon Jun 13 10:55:43 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Yes no problem. Signs the certificate of the local web server with root
certificate the proxy, which is already in user's browser - and voila.


13.06.2016 15:01, Antony Stone пишет:
> On Monday 13 June 2016 at 10:51:35, Eng Hooda wrote:
>
>> Thank You for your response.
>> Using the certificate is something I want to avoid.
>> So I think it's acceptable as it is now.
>>
>> I searched again and found an explanation , copied below FYI.
>>
>> "To serve an HTTP error to an SSL client, Squid has to establish an SSL
>> connection with that client."
>
> Yes, but the point is that the client originally requested an SSL
connection
> to a particular server, and if it gets a reply (even though it is an SSL
> reply) back from something with a certificate which doesn't match that
server,
> the client will complain, showing a security alert to the user.
>
>
> Antony.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXXpEvAAoJENNXIZxhPexGbZUH/j0HGg0L3KWAbRIyGBQ1sa2b
X/oE+gU9gKZYaBfK7DOj+NbdR3zQ6hmxiONsmp7Be0L2S3Eis1816yP6Hyg9BHVb
HdtbIYL66akVULNev6TVf61KPAHNGVbeNGM6xjhMW/0jnRl/TJ/cVKsBzFFSvFg3
Gj5rEkOKsPEZLdkJccop/p99iufAtfwQW31FxRPFPOF6q2IgcIhgB5nm6T2yrnQV
kU/suCjsVQj2V35Y/ZDY88irvP1cn0NBbqyw870HV7WsOQYyh+5Kk3iOCwrQY4Mo
UWSLvDM/Qjm0YzESSng4tcs8XVPG6C0tbzzpLOOySlmB/gBhJimVfUS41s/QcIo=
=wiaW
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160613/64685322/attachment.key>


More information about the squid-users mailing list