Hi, On Thu, 01.09.2005 at 19:29:57 +0200, Markus Wernig <[EMAIL PROTECTED]> wrote: > Squid is different. Usually, it doesn't do SSL itself, but just passes > the connection on.
it does, however, talk SSL to the outside server. > You might be able to code around that by terminating two distinct > sessions on the gateway, and have the gateway read the data channel, I dimly remember reading about devices which proceed like that. While I agree that these break parts of end-to-end security, they are touted to put an end to corporate espionage and malware infiltration over channels where you otherwise have no way of protecting your network (it would be just too easy to put malware on an SSL-secured site and avoid any virus scanners etc). I am also a bit undecided about the usefulness of such devices. Eg. I like to have my borders secured by OpenBSD, but I also like to have FTP access secured by SSL, thus making password-sniffing a bit more difficult. Having to chose between no firewall at the border on the one side and no SSL on the FTP server on the other is no satisfacory answer. Best, --Toni++
