sön 2009-06-28 klockan 14:18 -0600 skrev Alex Rousskov: > Ok, but can you tell what the patch does? Forwards raw SSL connections > to the next hop, as if Squid was a TCP proxy?
Yes. > Something else? Not really. But supports both forwarded mode and standalone (connecting direct, or via a parent proxy). > > Do not work with SslBump I think. SslBump requires the CONNECT right? > > I do not think so. In my tests, SslBump worked for WCCP-intercepted SSL > connections. Are you sure that's SslBump, and not just https_port? https_port works kind of in interception mode, if the certificate warnings/errors is ignored.. has always been like that just not documented very well. Note: SslBump (long term) could be made to work in interception mode with modern browsers sending the requested hostname in the initial SSL hello message. Regards Henrik
