[squid-users] Redirect after sslbump teminate
Antony Stone
Antony.Stone at squid.open.source.it
Mon Jun 13 10:59:16 UTC 2016
On Monday 13 June 2016 at 12:55:43, Yuri Voinov wrote:
> Yes no problem. Signs the certificate of the local web server with root
> certificate the proxy, which is already in user's browser - and voila.
True - or at least it would be if the OP hadn't said "Using the certificate is
something I want to avoid." :)
Antony.
> 13.06.2016 15:01, Antony Stone пишет:
> > On Monday 13 June 2016 at 10:51:35, Eng Hooda wrote:
> >> Thank You for your response.
> >> Using the certificate is something I want to avoid.
> >> So I think it's acceptable as it is now.
> >>
> >> I searched again and found an explanation , copied below FYI.
> >>
> >> "To serve an HTTP error to an SSL client, Squid has to establish an SSL
> >> connection with that client."
> >
> > Yes, but the point is that the client originally requested an SSL
> > connection to a particular server, and if it gets a reply (even though it
> > is an SSL reply) back from something with a certificate which doesn't match
> > that server, the client will complain, showing a security alert to the
> > user.
> >
> >
> > Antony.
--
.evah I serutangis sseltniop tsom eht fo eno eb tsum sihT
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list