[squid-users] How to make sslbump'ing more robust? (option to continue?)
L A Walsh
squid-user at tlinx.org
Fri May 12 03:45:01 UTC 2017
Alex Rousskov wrote:
> Yes, there is a way. Your options include:
>
> 1. Tell Squid to ignore expired certificates errors. Squid will then
> mimic the expired certificate while allowing the client traffic. The
> client should then detect the expired (fake) certificate and may offer
> the user to bypass the problem.
...
----
Since my SSL-bump is on a private server with most clients
being my clients, this is probably the most ideal. I wasn't sure
if the type of SSL-problem would be correctly duplicated to the
client, as I didn't want to just continue the connection without
telling the browser operator (most often, me) that there was
some problem.
Thanks!
-linda
More information about the squid-users
mailing list