sön 2012-02-05 klockan 22:44 -0500 skrev PS:
> Is there a specific place where that temp certificate is located, or
> is it the same certificate that I generated using OpenSSL and is
> provided to squid in the http_port option of the squid.conf?
See sslcrt_program option,.
Regards
Henrik
I'm not very familiar with ICAP, but I would think that this could be done via
ICAP since it can be used to send the unencrypted data to an AV server.
Victor Pineiro
On Feb 5, 2012, at 6:39 PM, Henrik Nordström wrote:
> sön 2012-02-05 klockan 17:33 -0600 skrev James R. Leu:
>> If squid is con
sön 2012-02-05 klockan 17:33 -0600 skrev James R. Leu:
> If squid is configure to use ICAP and the ICAP server supports
> RESMOD would the ICAP server be given the full response unencrypted?
In sslbump mode yes.
Regards
Henrik
If squid is configure to use ICAP and the ICAP server supports
RESMOD would the ICAP server be given the full response unencrypted?
On Mon, Feb 06, 2012 at 12:03:11AM +0100, Henrik Nordström wrote:
> sön 2012-02-05 klockan 14:12 -0500 skrev PS:
>
> > Shouldn't I be able to decrypt the connection
sön 2012-02-05 klockan 14:12 -0500 skrev PS:
> Shouldn't I be able to decrypt the connection between the client and the
> squid server in order to see the traffic that is being sent to gmail?
Yes, if you are using ssl-bump, and you have access to the temp
certificate used by Squid.
But
a) ssldu
1440
>>> refresh_pattern -i (/cgi-bin/|\?) 00%0
>>> refresh_pattern . 020%4320
>>> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %>> access_log /usr/local/squid/var/logs/access.log squid
>>>
>>> Thanks for the quick
> >
> > -Mensaje original-
> > De: PS [mailto:packetst...@gmail.com]
> > Enviado el: viernes, 03 de febrero de 2012 12:56 p.m.
> > Para: Alfonso Alejandro Reyes Jimenez
> > CC: squid-users@squid-cache.org
> > Asunto: Re: [squid-users] C
do el: viernes, 03 de febrero de 2012 12:56 p.m.
> Para: Alfonso Alejandro Reyes Jimenez
> CC: squid-users@squid-cache.org
> Asunto: Re: [squid-users] Capturing HTTPS traffic
>
> Could you please be a little more specific? Is there something else called
> ssldump that I am supp
ensaje original-
> De: PS [mailto:packetst...@gmail.com]
> Enviado el: viernes, 03 de febrero de 2012 12:56 p.m.
> Para: Alfonso Alejandro Reyes Jimenez
> CC: squid-users@squid-cache.org
> Asunto: Re: [squid-users] Capturing HTTPS traffic
>
> Could you please be a little more s
-users@squid-cache.org
Asunto: Re: [squid-users] Capturing HTTPS traffic
Could you please be a little more specific? Is there something else called
ssldump that I am supposed to use?
This is what my config looks like. I am currently using ssl_bump.
acl localnet src 10.0.0.0/8 # RFC1918
certifícate information you may use ssldump to decode the
> information. I hope this helps.
>
>
> Regards.
>
> -Mensaje original-
> De: PS [mailto:packetst...@gmail.com]
> Enviado el: viernes, 03 de febrero de 2012 12:11 p.m.
> Para: squid-users@squid-cache.org
] Capturing HTTPS traffic
Hello,
I am currently running the following version of Squid:
Squid Cache: Version 3.2.0.14-20120202-r11500 configure options:
'--enable-ssl' '--enable-ssl-crtd'
I configured it so that certs are generated on the fly and I am able to get to
HT
Hello,
I am currently running the following version of Squid:
Squid Cache: Version 3.2.0.14-20120202-r11500
configure options: '--enable-ssl' '--enable-ssl-crtd'
I configured it so that certs are generated on the fly and I am able to get to
HTTPS websites without getting a certificate warning.
13 matches
Mail list logo
