On 2014-02-25 22:17, kannan rbk wrote:
In our office, we are using squid to restrict users to connect only particular web sites and urls. If a user is connecting a web page via https, url_regex acl will not work. In a https request, we have control over domain only. But we need to restrict on url level. So, we used ssl bump to intercept the https requests. Its working fine, but we got some ssl warnings in browser.Google Chrome Warning Cannot connect to the real ziopert.com Is this possible to intercept a ssl connection in bump without any browser warnings?
Only if you have a CA certificate installed in that browser AND if the browser accepts your CA for that website. Chrome are taking a hard-line stance on TLS being secure, rather than the loophole mess ssl-bump takes advantage of.
You could try upgrading your proxy and using http://wiki.squid-cache.org/Features/BumpSslServerFirst. That might improve your situation a little, but there is not much hope as SSL was designed to its core to detect third-parties accessing the encryption.
Amos
