On 25/06/15 06:05, James Lay wrote:
openssl s_client -connect x.x.x.x:443
Just a FYI but you can make openssl do SNI which helps debugging (i.e.
doing it your way and then doing it with SNI)
openssl s_client -connect x.x.x.x:443 -servername www.site.name
(that will allow squid to see
Squid 3.5.5
I seem to have some confusion about how acl lists are processed in
squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use
ssl_bump directives with transparent proxy.
Based on available documentation, I believe my squid.conf is correct,
however it never seems to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Never mind, Tom. I have own cockroaches in my head. Just only for
content filtering, I would not put a caching proxy. Once that's it.
24.06.15 22:22, Tom Mowbray wrote:
Yuri,
The proxy is being used as a content filter, i.e. domain and URL
Yuri,
The proxy is being used as a content filter, i.e. domain and URL
whitelisting and blacklisting.
I guess my real question is simply regarding how this traffic is processed
in regards to where I've defined options in my squid.conf?
Also, why does it appear to bump all sites when my config
On 25/06/2015 3:41 a.m., Tom Mowbray wrote:
Squid 3.5.5
I seem to have some confusion about how acl lists are processed in
squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use
ssl_bump directives with transparent proxy.
Based on available documentation, I believe my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Tom,
one simple question.
Soon, all or almost all the Internet go into HTTPS. Why do you then need
caching proxy? The tunnel connection and process ACLs?
My second question to Amos. Amos, what the hell do we under these
conditions caching
On 2015-06-24 11:46 AM, Tom Mowbray wrote:
James,
Yes, as a matter of fact I have read through those exact posts and
modeled my config very similarly. What I have found is that, however,
when the line http_access allow SSL_ports is placed above the
ssl_bump stuff and other acl's (as you have
James,
Yes, as a matter of fact I have read through those exact posts and modeled
my config very similarly. What I have found is that, however, when the
line http_access allow SSL_ports is placed above the ssl_bump stuff and
other acl's (as you have it), it seems to simply allow ALL https
On 25/06/2015 4:00 a.m., Yuri Voinov wrote:
Tom,
one simple question.
Soon, all or almost all the Internet go into HTTPS. Why do you then need
caching proxy?
Because HTTPS is more cacheable than HTTP. A lot of misguided developers
that go needlessly out of their way to prevent caching
Thanks for the response. Our understanding was that by using the peek and
splice options, we could transparently filter https traffic using the SNI
at the very least (though perhaps the issue lies with our external ACL?),
without having to decrypt the SSL session or use MITM cert. Our results in
On 2015-06-24 09:41 AM, Tom Mowbray wrote:
Squid 3.5.5
I seem to have some confusion about how acl lists are processed in
squid.conf regarding the handling of SSL (HTTPS) traffic, attempting
to use ssl_bump directives with transparent proxy.
Based on available documentation, I believe my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Amos,
we don't care about experts in the IETF.
What is the Squid Team position about SSL bumping and caching? Will
Squid be only content filtering proxy or remains cacheable? What will be
next milestone?
3.5. now less used to cache SSL, only