[squid-users] how to configure squid to check server certificate?
Amos Jeffries
squid3 at treenet.co.nz
Mon Mar 2 05:27:58 UTC 2020
On 2/03/20 11:32 am, GeorgeShen wrote:
>
> Sorry, I should have said 'Trusted self-signed' CA vs non-Trusted. I was in
> one enterprise, they use proxy server, when I went to a non-trusted CA
> server, I got TLS handshaking error; but it worked fine when going to a
> 'trusted' CA server. And I know my connection on the proxy was not a
> SSL-Bump. I was trying to see how does the proxy server decide a server is a
> trusted, vs non-trusted in splice. If I were going to implement this on the
> squid, how to configure such a policy.
>
*IF* that error was from the proxy and the proxy was a Squid, then it
can be done at step 3 with a helper after a peek or stare at step 2.
There should not need to be anything configured though. Rejecting
unknown root CAs is how TLS is designed to work. With splice the error
should be produced by your UA/Browser.
Amos
More information about the squid-users
mailing list