I haven't tested this so I may be embarrassing myself, but I doubt client certs and sslbump play nicely together, as the end-server would never see any possible client cert interaction.
I was wondering how quickly the need for a client cert is announced? Could/does squid notice the server requirement for client certs and fall back into passthrough mode? It would certainly be a great option to have, i.e. force most https traffic through sslbump, but allow squid to bypass it for the (very) few sites that require client certs. Some may want to turn off such a feature, but most would probably be like me and purely interested in using sslbump for enabling SSL content filtering, and I really doubt we'll be seeing many viruses via client-cert protected https any time soon ;-)

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1