Re: [squid-users] Using squid as transparent proxy causes problem with pages on https

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 12 Apr 2012 01:11:58 +1200

On 11/04/2012 11:43 p.m., Matus UHLAR - fantomas wrote:
> On 11.04.12 16:01, Ahmed Talha Khan wrote:
>> So what's the advantage of the ssl_bump feature left then if it cannot
>> act as an ssl endpoint? Does squid not support ssl end-point
>> termination?

Yes. Squid supports ssl end-point termination ...

That is what the 's' in https_port means. Before anything else happens a
new connection gets SSL negotiated and decrypted using the certificate
details configured.

Now, take an HTTPS connection, decrypt it with an https_port end-point.
What is left that you expect ssl-bump to do exactly?

>
> I don't think so. Note that redirecting a connection to your own machine
> and behaving as the server is called a "man-in-the-middle" attack, and it
> is a security breach. SSL was designed to make a secret, encrypted
> end-to-end connection between browser and a final server and it should
> remain so.
>

Amos
Received on Wed Apr 11 2012 - 13:12:04 MDT
