[squid-users] ssl bump certificate question

Antony Stone Antony.Stone at squid.open.source.it
Wed Sep 7 20:58:07 UTC 2016


On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote:

> 08.09.2016 2:25, erdosain9 пишет:
> > Hi.
> > A query. Sslbump is possible without installing the certificate,
> > machine by machine ???
> 
> Bump impossible. Splice - possible.
> 
> > Is there any way that this certificate Squid SUBMIT ??
> 
> Cant understand question. What do you mean?

I believe he wants a mechanism for squid to be able to provide the fake CA 
certificate to the browser, so that the browser then trusts the fake site 
certificate which is signed with it.

Of course, this is impossible, since any mechanism which allowed this would 
allow the browser to be fooled into trusting any certificate anyone cared to 
wave at it.


Antony.

-- 
#define SIX 1+5
#define NINE 8+1

int main() {
    printf("%d\n", SIX * NINE);
}
	- thanks to ECB for bringing this to my attention

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list