[squid-users] How to make sslbump'ing more robust? (option to continue?)

L A Walsh squid-user at tlinx.org
Fri May 12 03:45:01 UTC 2017


Alex Rousskov wrote:
> Yes, there is a way. Your options include:
> 
> 1. Tell Squid to ignore expired certificates errors. Squid will then
> mimic the expired certificate while allowing the client traffic. The
> client should then detect the expired (fake) certificate and may offer
> the user to bypass the problem. 
...
----

Since my SSL-bump is on a private server with most clients
being my clients, this is probably the most ideal.  I wasn't sure
if the type of SSL-problem would be correctly duplicated to the
client, as I didn't want to just continue the connection without
telling the browser operator (most often, me) that there was
some problem.

Thanks!
-linda




More information about the squid-users mailing list