Re: [squid-users] SSL Sites bypass interception

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Tue, 29 May 2012 11:14:36 +0200

On 29.05.12 01:32, Jambaz wrote:
>Hi to all, I have squid 3.1.19 and it's all working for http; the "problem" is
>only when the sites that I have blocked use https. With https (port 443),
>sites like facebook, google plus, twitter and also very dangerous sites
>bypass squid and go through normally, as if squid doesn't exist...
>What do I have to use and do to intercept ssl sites as well?
>One solution is to deny all ssl sites... but I can't, because https is also used
>for serious sites (and not just for social networks) and I only need to deny
>the latter and not the former...

There is one logical problem with intercepting SSL connections:

SSL was made so that nobody is able to see what data you are requesting.
Thus, SSL (usually) works end-to-end.

By intercepting, you are either able only to block the destination by IP
address (you can do that on the firewall too), or you must fake the
destination web certificates and in fact perform the man-in-the-middle
attack that SSL was designed against.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
Received on Tue May 29 2012 - 09:14:46 MDT
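As an added illustration of the point made in the reply (example code written for this page, not code from the Squid project or from either poster): what an intercepting proxy can read from the first bytes of a plaintext HTTP request versus the first bytes of an HTTPS connection. The HTTP request and the TLS ClientHello are constructed by the script, and the deny list is a hypothetical one built from the hosts the question names. The example goes one step beyond the reply: a TLS client sends the destination host name in the clear in the SNI extension, so an interceptor can match on that name as well as on the destination IP address, but the request path and everything after the handshake are encrypted, so a URL-based ACL cannot be applied without a man-in-the-middle.

```python
import struct

# Constructed sample input for the example; not captured traffic.
HTTP_REQUEST = (
    b"GET /profile/settings HTTP/1.1\r\n"
    b"Host: www.facebook.com\r\n"
    b"User-Agent: example\r\n"
    b"\r\n"
)

# Hypothetical deny list, using the hosts named in the question.
BLOCKED_HOSTS = {"www.facebook.com", "plus.google.com", "twitter.com"}

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record with an SNI extension.
    Constructed for the example: one cipher suite, fixed random, no other extensions."""
    host = server_name.encode("ascii")
    sni_name = b"\x00" + struct.pack("!H", len(host)) + host        # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_name)) + sni_name
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"              # client_version: TLS 1.2
        + b"\x11" * 32           # random (fixed for the example)
        + b"\x00"                # session_id length 0
        + b"\x00\x02\xc0\x2f"    # cipher_suites: one suite
        + b"\x01\x00"            # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # handshake record


def parse_http_request(data: bytes) -> dict:
    """Plaintext HTTP: method, path and Host are all readable by the proxy."""
    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method.decode("ascii"),
            "host": headers.get(b"host", b"").decode("ascii"),
            "path": path.decode("ascii")}


def parse_client_hello_sni(data: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None.
    Only the handshake is in the clear: no path or URL can be recovered here."""
    if len(data) < 5 or data[0] != 0x16:            # not a TLS handshake record
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                # not a ClientHello
        return None
    pos = 4 + 2 + 32                                # header, version, random
    sid_len = hs[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2 + cs_len
    comp_len = hs[pos]; pos += 1 + comp_len
    if pos + 2 > len(hs):
        return None                                 # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    end = min(pos + ext_total, len(hs))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        ext = hs[pos:pos + ext_len]; pos += ext_len
        if ext_type != 0x0000:
            continue
        p = 2                                       # skip ServerNameList length
        while p + 3 <= len(ext):
            name_type = ext[p]
            name_len = struct.unpack("!H", ext[p + 1:p + 3])[0]; p += 3
            name = ext[p:p + name_len]; p += name_len
            if name_type == 0:
                return name.decode("ascii")
    return None


def visible_fields(data: bytes) -> dict:
    """What an interceptor can read from the first bytes of a flow."""
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        req = parse_http_request(data)
        return {"kind": "http", "host": req["host"], "path": req["path"]}
    sni = parse_client_hello_sni(data)
    if sni is not None:
        return {"kind": "tls", "host": sni, "path": None}
    return {"kind": "opaque", "host": None, "path": None}


def would_block(data: bytes, blocked_hosts) -> bool:
    """Destination-only policy: the most an interceptor can enforce without a MITM."""
    return visible_fields(data)["host"] in blocked_hosts


if __name__ == "__main__":
    for sample in (HTTP_REQUEST, build_client_hello("www.facebook.com"),
                   build_client_hello("www.example.org"), b"\x17\x03\x03\x00\x05hello"):
        print(visible_fields(sample), "blocked" if would_block(sample, BLOCKED_HOSTS) else "allowed")
```

The last sample is an application-data record: once the handshake is over, nothing in the stream identifies a host or a URL, which is why blocking has to happen on the destination (IP or SNI name) at connection time, or not at all short of faking the server certificate.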
