[squid-users] Basic HTTPS filtering via CONNECT in Squid
Amos Jeffries
squid3 at treenet.co.nz
Sun Feb 12 08:51:19 UTC 2017
On 12/02/2017 7:40 p.m., Varun Singh wrote:
>
> The answer points to installing a CA on client.
The question was about how to get browsers talking TLS *directly to a
Squid reverse-proxy*. Your Ubuntu package is not capable of that and you
are not using a reverse-proxy.
> Does this mean even if I don't want Squid-in-the-middle approach, my
> clients would still have to install a certificate?
No. It is irrelevant to yrou sitation.
You began this thread with a simple question:
> Hi,
> I have a Squid 3 installed on Ubuntu 16.04. It works perfectly as an
> HTTP proxy server in transparent mode.
> I wanted to know whether it can be configured to run as HTTPS proxy
> server without ssl-bump i.e. without 'man in the middle attack'
> technique.
Everything you have been asking about since then is various ways to do
parts of the SSL-bump process. Which does not fit very well with the
"without ssl-bump" requirement.
Simply put; if you are not going to SSL-Bump then you can discard any
thoughts of doing things with the HTTPS messages or port 443 traffic.
If you have changed your mind and want to use SSL-Bump now, please
re-describe what you want to actually happen now.
Amos
More information about the squid-users
mailing list