On 12/06/2012 7:33 p.m., nipun_mlist Assam wrote:
> Thanks Eliezer/Amos for the hints.
>
> But I have some concerns here with SSLBUMP.
> Without proxy forwarding, SSL from client is terminated on squid and
> then squid does SSL with the orgin server.
>
> But when squid (with SSLBUMP enabled) connects internet via upstream
> proxy, it behaves different way. SSL is terminated on downstream proxy
> as usual. But the traffic flow between squid and the usptream becomes
> non-encrypted (we are not enabling SSL for parent cache_peer as we
> want traffic to be encrypted between downstream and upstream only for
> HTTPS). User won't care if http traffic between upstream and
> downstream goes unencrypted, but he will be concerned if even for
> HTTPs traffic goes unencrypted between upstream and downstream.
Squid 3.1.11 which you said you were using does not support ssl-bump.
Please update to 3.1.20.
Amos
Received on Tue Jun 12 2012 - 08:13:59 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 12 2012 - 12:00:03 MDT