Ilya wrote:
> Hm, as I understood, squid is between client and server when
> they establish an SSL connection. So can squid, in theory, act
> as "man in the middle", catch all public keys and replace them
> on its own and then decrypt all data? Ok, I ask it not because
> I'm going to do so, I only want to know whether somebody can do
> so :) For example, the developers of squid (it's a joke :) ).
Yes, with the SSL support of Squid-2.5 plus an upcoming patch to extend
Squid to be able to initiate SSL connections you can do so, but Squid
will then present a single SSL certificate on all sites, making browsers
a bit upset about the certificate names, and as there is a
man-in-the-middle, no end-to-end features of SSL can be used, such as
client certificates etc.
Regards
Henrik
Received on Sat Nov 23 2002 - 03:36:45 MST
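
The single-certificate symptom described in the reply can be checked for from the client side. The following is an added example, not part of the original thread or of Squid: it flags any certificate that is presented for two or more hosts it does not name. The function names, the observation tuple layout and the sample hosts and fingerprints are all constructed for illustration.

```python
from collections import defaultdict

def name_matches(pattern, host):
    """Browser-style name match: exact, or one leftmost '*' label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject overly broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert_names, host):
    """True if any name in the certificate covers the requested host."""
    return any(name_matches(n, host) for n in cert_names)

def find_shared_certs(observations, min_hosts=2):
    """Map fingerprint -> sorted hosts for which that certificate was
    presented without naming them, when seen on at least min_hosts hosts."""
    mismatched = defaultdict(set)
    for host, fingerprint, names in observations:
        if not cert_covers(names, host):
            mismatched[fingerprint].add(host)
    return {fp: sorted(hosts) for fp, hosts in mismatched.items()
            if len(hosts) >= min_hosts}

# Constructed observations: (requested host, cert fingerprint, cert names).
# "fp-proxy" stands in for the one certificate an intercepting proxy shows.
OBSERVATIONS = [
    ("www.example.com", "fp-proxy", ["proxy.example.net"]),
    ("mail.example.org", "fp-proxy", ["proxy.example.net"]),
    ("proxy.example.net", "fp-proxy", ["proxy.example.net"]),
    ("shop.example.com", "fp-shop", ["*.example.com"]),
]

if __name__ == "__main__":
    for fp, hosts in find_shared_certs(OBSERVATIONS).items():
        print(fp, "presented for hosts it does not name:", hosts)
```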