[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

Amos Jeffries squid3 at treenet.co.nz
Sat Apr 14 06:14:06 UTC 2018


On 14/04/18 10:03, Alex Crow wrote:
> 
>> Unless the protocol design changes to expose full URLs and/or MIME types,
>> nothing will replace Squid Bumping.
>>
>> That being said, we are headed to the vortex by 2018.05.01. Let's drown
>> together, while we yell and curse at Google!
>>
>> MK
>>
>>
>>
> 
> Erm, can someone elucidate the issue here? Can't see anything about this
> in the last year of mails from this list ;-)
> 

MK1018 is re-opening an old discussion from 2016.

The discussion started when TLS/1.3 and AES encrypted payloads were
still draft-only documents in IETF working groups.  So of course the
environment and what can or cannot be done is quite different now.


This just goes to show how much TLS and HTTPS environments are changing
and why our advice to always use the lastest release of Squid when
SSL-Bumping are so important. Anything even a year old discussing the
topic is outdated and possibly irrelevant.

Amos


More information about the squid-users mailing list