sön 2009-06-28 klockan 14:18 -0600 skrev Alex Rousskov:
> Ok, but can you tell what the patch does? Forwards raw SSL connections
> to the next hop, as if Squid was a TCP proxy?
Yes.
> Something else?
Not really. But supports both forwarded mode and standalone (connecting
direct, or via a parent proxy).
> > Do not work with SslBump I think. SslBump requires the CONNECT right?
>
> I do not think so. In my tests, SslBump worked for WCCP-intercepted SSL
> connections.
Are you sure that's SslBump, and not just https_port?
https_port works kind of in interception mode, if the certificate
warnings/errors is ignored.. has always been like that just not
documented very well.
Note: SslBump (long term) could be made to work in interception mode
with modern browsers sending the requested hostname in the initial SSL
hello message.
Regards
Henrik
Received on Mon Jun 29 2009 - 19:32:58 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 30 2009 - 12:00:06 MDT