Hello,
I'm a developer with higher-level languages experience and very little commercial 
C++ development on my hands.
I've been following the SslBump feature for a while now, and this includes 
source code changes. SslBumping with upstream proxies was completely restricted 
when bug 3209 was patched in 2011, however, I believe the patch is too 
restrictive. I agree with Amos's statement that a plaintext information leak is 
highly unsafe, but the patch also prevents ssl upstream proxies usage.
In order to prevent plaintext and still use upstream proxies, I propose the 
following changes (tested in intranet, in production) which enable upstream 
proxies after ssl bumping, as long as the proxies are ssl themselves:
- version 4.x 
https://github.com/randunel/squid4/commit/c91995833370771f9903b374f17a0d774643c2b3
- version 3.5.x 
https://github.com/randunel/squid3/commit/a72a47cf0d54bf17faefcfe7692182d82d6520ab

Best regards,
Mihai Ene
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
