[squid-users] Redirect after sslbump teminate

Antony Stone Antony.Stone at squid.open.source.it
Mon Jun 13 10:59:16 UTC 2016


On Monday 13 June 2016 at 12:55:43, Yuri Voinov wrote:

> Yes no problem. Signs the certificate of the local web server with root
> certificate the proxy, which is already in user's browser - and voila.

True - or at least it would be if the OP hadn't said "Using the certificate is 
something I want to avoid."  :)


Antony.

> 13.06.2016 15:01, Antony Stone пишет:
> > On Monday 13 June 2016 at 10:51:35, Eng Hooda wrote:
> >> Thank You for your response.
> >> Using the certificate is something I want to avoid.
> >> So I think it's acceptable as it is now.
> >> 
> >> I searched again and found an explanation , copied below FYI.
> >> 
> >> "To serve an HTTP error to an SSL client, Squid has to establish an SSL
> >> connection with that client."
> > 
> > Yes, but the point is that the client originally requested an SSL
> > connection to a particular server, and if it gets a reply (even though it
> > is an SSL reply) back from something with a certificate which doesn't match
> > that server, the client will complain, showing a security alert to the
> > user.
> > 
> > 
> > Antony.

-- 
.evah I serutangis sseltniop tsom eht fo eno eb tsum sihT

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list