[squid-users] how to configure squid to check server certificate?
Amos Jeffries
squid3 at treenet.co.nz
Fri Mar 13 07:44:13 UTC 2020
On 13/03/20 12:44 pm, GeorgeShen wrote:
>
> Understood. not altering the bytes. My question is simple:
> if using squid to do splicing proxy action of https sessions, is there a
> squid configuration to block/drop the session if the remote server's
> certificate is signed by a 'untrusted' CA?
You should be able to do something like this:
ssl_bump peek all
ssl_bump terminate ssl::certUntrusted
ssl_bump splice all
I have not tried that myself, so not sure if it would terminate on
client certs.
Amos
More information about the squid-users
mailing list