On 25/05/11 05:45, Ming Fu wrote:
Hi Alex,
One question about sslbump implementation, was the client side cert
exchange done before squid start the ssl to the server? If so, it
might be too late when squid learns that the server cert is not good.
The client side cert was already sent out.
It is too late to alter the client certificate. By the time a server
connection is opened Squid may have already served replies out of cache
to the client.
I am a bit surprised. Can sslbump make some https content cacheable?
Meanwhile it is worth investigate why you are getting so many
On 26/05/11 01:01, Ming Fu wrote:
It is too late to alter the client certificate. By the time a server
connection is opened Squid may have already served replies out of cache
to the client.
I am a bit surprised. Can sslbump make some https content cacheable?
Why surprised? ssl-bumps'
It is too late to alter the client certificate. By the time a server
connection is opened Squid may have already served replies out of
cache
to the client.
I am a bit surprised. Can sslbump make some https content cacheable?
Why surprised? ssl-bumps' purpose is to remove the SSL
On Wed, 25 May 2011 16:16:54 +, Ming Fu wrote:
It is too late to alter the client certificate. By the time a
server
connection is opened Squid may have already served replies out of
cache
to the client.
I am a bit surprised. Can sslbump make some https content
cacheable?
Why
E.g. if the server cert has expired, sign an expired squid cert to the
browser. At least this will reproduce the same behavior as if the
sslbump is not turned on. The browser will warn the certificate problem
and the user can proceed at his own risk. The squid administrator can be
kept out of
: [squid-users] SslBump and bad cert
E.g. if the server cert has expired, sign an expired squid cert to the
browser. At least this will reproduce the same behavior as if the
sslbump is not turned on. The browser will warn the certificate problem
and the user can proceed at his own risk. The squid