Re: [squid-users] SSL is a security hole

From: Christoph Haas
Date: Fri, 7 Mar 2003 09:13:04 +0100

On Fri, Mar 07, 2003 at 12:25:26AM +0100, Henrik Nordstrom wrote:
> You can always use IDS tools like snort and the like to detect such
> strange traffic patterns.

But how can snort tell one SSL connection from the other?

> If you like this you should in my eye consider investigating having
> the feature added to Squid. It is not very much missing from Squid to
> be able to provide such https proxy functionality.

I would love to add this to my personal (empty so far) wishlist of Squid
features. In my mind Squid is a security component and should minimize as many
security holes as possible.

If Squid would offer such a man-in-the-middle feature that would
surely mean that users will always get the Squid SSL certificate and
won't be sure who is on the other peer. But that would be the best
solution IMHO.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All

Received on Fri Mar 07 2003 - 01:13:14 MST
