Re: Server Name Indication for transparent https proxy

From: Tsantilas Christos <chtsanti_at_users.sourceforge.net>
Date: Tue, 03 Apr 2012 09:31:40 +0300

On 04/02/2012 11:05 PM, Henrik Nordström wrote:
> Mon 2012-04-02 at 21:14 +0200, Santiago Garcia Mantinan wrote:
>
>> The thing I'd like to do and I haven't seen how to do with current squid, is
>> to allow transparent proxy of incoming https connections based on this
>> Server Name Indication. Maybe I missed this and it is already implemented,
>> but if this is not yet implemented I'd like to know if you'd like me to
>> implement it and how would you like it to be implemented and on which squid
>> code.
>
> I am not aware of any Squid implementation of SNI parsing to extract the
> requested host.

Currently squid sets the SNI extension when it connects to the remote SSL
server.
But it does not use SNI for incoming SSL connections...

Regards,
   Christos

>
> You are very welcome to try to implement SNI identification.
> Implementation is preferably done to Squid-3 bzr trunk, but it's OK to
> base changes on Squid-3.2 as well. This is closely related to sslbump
> and there have been significant changes to sslbump in 3.2.
Received on Tue Apr 03 2012 - 06:50:35 MDT
