[squid-users] ssl proxy and decrypted forwarding

Sam Castellano scastellano at quadrantsec.com
Fri Apr 17 15:22:46 UTC 2020


Good morning, 
My question relates to ssl bumping and potentially Icap/Ecap functionality. I currently have ssl bump/ interception working and communicating with a local ICAP server. Im trying to understand the process of how the decrypted data gets sent to the ICAP server for analysis in things such as clamav etc. My goal is to have the decrypted traffic analyzed by Suricata preferably on a separate box if possible. 

Best regards 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200417/6dca72e7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2144 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200417/6dca72e7/attachment.bin>


More information about the squid-users mailing list