On Wed, 4 Aug 2004, McDonald, Rob wrote:

> I am looking to start caching SSL traffic, so I can make the content conform
> to company HR policies.
>
> There are commercial products that do this.
>
> I was wondering what the Squid crowd was doing for this issue?

Generally HTTPS traffic can not be cached due to the encryption.

Technically it is possible to implement a decrypting proxy using spoofed server certificates issued by the proxy, but this has not yet been implemented in Squid. The technical drawbacks of doing this are:

- End-to-end is violated, making it impossible to use/access sites requiring client side SSL certificates for authentication.

- User no longer is given the choice of trusting or denying access to sites not having a valid certificate. The company policy set in the proxy applies to all.

- User no longer can inspect the server's certificate to determine if the site is trustworthy or not.

- Not yet implemented in Squid, so to do this it first needs to be implemented in the Squid code.

If you want to discuss how this may be implemented in Squid please contact [EMAIL PROTECTED]

Regards
Henrik
