On 12/12/17 11:56, Eugene Grosbein wrote:
https://wiki.squid-cache.org/Features/SslPeekAndSplice
You either ignore MITM and proceed with connection anyway or have no
connectivity via this channel at all.
When the user sees that SSL/TLS is stripped, this isn't a vulnerability
of the protocol. User can make a choice to use such connection anyway.
There are command line options like this for some commands, and the
choice in the browser.
Compare this with https using compromised by government CA, when the
user doesn't have any way of knowing about MITM. So https+private CA
stands secure.
Yuri
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
