[squid-users] SSL intercept in explicit mode

Marcus Kool marcus.kool at urlfilterdb.com
Tue Mar 13 15:14:27 UTC 2018 

"SSL bump" is the name of a complex Squid feature.
With ssl_bump ACLs one can decide which domains can be 'spliced' (go through the proxy untouched) or can be 'bumped' (decrypted).

Interception is not a requirement for SSL bump.

Marcus

On 13/03/18 11:44, Danilo V wrote:
> I mean SSL bump in explicit mode.
> So intercept is a essencial requirement for running SSL bump?
> 
> Em ter, 13 de mar de 2018 às 11:10, Matus UHLAR - fantomas <uhlar at fantomas.sk <mailto:uhlar at fantomas.sk>> escreveu:
> 
>     On 13.03.18 13:44, Danilo V wrote:
>      >Is it possible/feasible to configure squid in explicit mode with ssl
>      >intercept?
> 
>     explicit is not intercept, intercept is not explicit.
> 
>     explicit is where browser is configured (manually or automatically via WPAD)
>     to use the proxy.
> 
>     intercept is where network device forcifully redirects http/https connections
>     to the proxy.
> 
>     maybe you mean SSL bump in explicit mode?
> 
>      >Due to architecture of my network it is not possible to implement
>      >transparent proxy.
> 
>     excuse me?
>     by "transparent" people mean what we usually call "intercept".
> 
>      >What would be the behavior of applications that dont support proxy - i.e.
>      >dont forward requests to proxy?
> 
>     they mest be intercepted.
> 
>     --
>     Matus UHLAR - fantomas, uhlar at fantomas.sk <mailto:uhlar at fantomas.sk> ; http://www.fantomas.sk/
>     Warning: I wish NOT to receive e-mail advertising to this address.
>     Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>     Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
> 
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list