I already managed to see Hellos in the logs when switching on ssl_bump
peek-and-splice, but I fail to write an ACL filtering for the ServerName in
the hello to decide if the traffic should be bumped or not. Allowed sites should
simply go to the ssl_bump none option then. AND by using
Hi Alex,
If bumping SSL traffic without client consent or knowledge was possible,
SSL would be useless.
that's why I dropped the ssl_bump server-first approach for now. But what about
the SSL Peek and Splice feature? Don't get me wrong, I'm not interested in
decrypting all user traffic but to
On 04/26/2013 11:08 AM, a...@imaginers.org wrote:
If bumping SSL traffic without client consent or knowledge was possible,
SSL would be useless.
that's why I dropped the ssl_bump server-first approach for now. But what
about the SSL Peek and Splice feature?
All SslBump features past,
Hi Together,
first of all - thanks to Alex for the fast answer!
You may have misinterpreted what that bug report says. The reporter
placed his selfCA into the browser. The reporter did not use a CA
certificate from a well-known CA root in his signing chain -- it is not
possible to do that
On 04/25/2013 07:27 AM, a...@imaginers.org wrote:
I need a solution where the client configuration is not changed
Fortunately, such a solution does not exist. The only way to bump traffic
without client warnings is to make the client trust the Squid signing
certificate. For that, you have to