[squid-users] ssl bump certificate question

Yuri Voinov yvoinov at gmail.com
Wed Sep 7 20:59:40 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 


08.09.2016 2:58, Antony Stone пишет:
> On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote:
>
>> 08.09.2016 2:25, erdosain9 пишет:
>>> Hi.
>>> A query. Sslbump is possible without installing the certificate,
>>> machine by machine ???
>>
>> Bump impossible. Splice - possible.
>>
>>> Is there any way that this certificate Squid SUBMIT ??
>>
>> Cant understand question. What do you mean?
>
> I believe he wants a mechanism for squid to be able to provide the
fake CA
> certificate to the browser, so that the browser then trusts the fake site
> certificate which is signed with it.
>
> Of course, this is impossible, since any mechanism which allowed this
would
> allow the browser to be fooled into trusting any certificate anyone
cared to
> wave at it.
(facepalm)
>
>
>
> Antony.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJX0H+7AAoJENNXIZxhPexG8+YH/jq85O+ieQ5+Bf5CK2arYyb2
F7p7sa3+bgFY4zuw9e592fCWlMaUEQdCVGSwnSJv6Zaxsylst/GnBk8d1yq1PyAR
R6CKr9itvwvyfqKXpqbasB41NogbesHn21ht5ttxusv+c0i1onp6BHDkWRVDEBTA
RLrdBZmw/yuHCOKXi3L3Ef/0k7OVHfbvTXUAcI70cweaGMr8Nbofm6Zn/T6LN2ow
FJKSFrWpluMFhidaMhEuLiJ/FmbgCJSl2E14Bz57YBusiMVmjNvJjIpo5dnPbxnF
HyQrkRq/UJxHw2YIeVIrQ4+Yubw4xxerw7R2ecO3fCoH7Y6dyL/D4R2e96t33dw=
=SvH8
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160908/74e0e321/attachment.key>


More information about the squid-users mailing list