[squid-users] How to configure a "proxy home" page ?
Amos Jeffries
squid3 at treenet.co.nz
Mon Mar 26 01:08:49 UTC 2018
On 26/03/18 13:44, Yuri wrote:
>
>
> 26.03.2018 06:41, Yuri пишет:
>>
>> 26.03.2018 06:30, Amos Jeffries пишет:
>>> On 26/03/18 12:34, Yuri wrote:
>>>> 26.03.2018 05:23, Amos Jeffries пишет:
>>>>> On 26/03/18 12:07, Yuri wrote:
>>>>>> 26.03.2018 05:05, Amos Jeffries пишет:
>>>>>>> On 26/03/18 11:05, Yuri wrote:
>>>
>>> On 26/03/18 12:34, Yuri wrote:>
>>>> 26.03.2018 05:23, Amos Jeffries пишет:
>>>>> This is what I mean by "TLS used properly" - proper is when it always
>>>>> circles back to user deciding who they trust. No matter how indirectly,
>>>>> the user installs a (root) CA causing trust or allowed someone else to
>>>>> do so.
>>>> Generally speaking, yes.
>>>>
>>>> I just mean, that in some other protocols you have no any possibility to
>>>> make MiTM by any way, whenever installing something or not. This
>>>> prevents any improper or malicious use of protocol.
>>>>
>>>> TLS*have* this possibility. SSH is *not*. You can't MiTM or compromise
>>>> SSH by installing any key/certs to client. Correct? This is by design?
>>> No. SSH is just TCP/telnet over TLS. So if the SSH software were to
>>> trust the cert/key Squid delivers one could use SSL-Bump on that SSH
>>> traffic.
>> You sure?
>>
>> https://stackoverflow.com/questions/723152/difference-between-ssh-and-ssl-especially-in-terms-of-sftp-vs-ftp-over-ssl
>>
>> Quote: "SSH has its own transport protocol independent from SSL, so that
>> means SSH DOES NOT use SSL under the hood."
>>
>> Because I'm not. Different sources tells opposite.
> I'm sure SSH using openssl under the hood. But not sure it uses same
> tunneling implementation like TLS-over-HTTP. And now it is still unknown
> any method to MiTM SSH, AFAIK.
I'm not 100% sure, but it uses the same message framing as TLS and
performs the same handshake sequence and security verifications.
That said *SSL* _is_ different from TLS so the quote is technically
correct either way.
Amos
More information about the squid-users
mailing list