Re: [squid-users] intercepting SSL connections with client certificate

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Tue, 19 Nov 2013 16:30:43 +0200

Hey Shinoj,

Your problem is not your own.
The main issue with SSL is even intercepting it.
I would not just say it on the law side of the matter.

One of the issues is that SSL should be and end-to-end connection.
In infrastructure that a SSL encryption is enabled the SSL end point in
many cases do that as a SSL dedicated HW\SW node.
Behind a SSL reverse proxy there can be a whole new Internet for example.

So breaking the SSL is as you see a very complicated task.
I would assume that when SSL interception is being done it means that
these connections needs inspection and it is possible that a client
certificate is not even allowed as a policy.

I can think of a VPN solutions that use client side certificates.

In this case I would assume that access to encrypted information from
inside this place will be so restricted that only system and engineering
staff will be allowed to access some places.

Best Regards,
Eliezer

On 19/11/13 15:39, Shinoj Gangadharan wrote:
> I guess I am stuck:)
>
> Thanks and Regards,
> Shinoj.
Received on Tue Nov 19 2013 - 14:31:08 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 19 2013 - 12:00:04 MST