Re: [squid-users] https_port required to open sites with ssl?

From: Peter Albrecht <[email protected]>
Date: Thu, 18 May 2006 15:23:48 +0200

Hi Elijah,

On Thursday 18 May 2006 14:43, Elijah Alcantara wrote:
> Hi,
>
> I've been trying to setup transparent proxy and it seems to be working
> for most sites except for those that have secure logins
> (mail.yahoo.com, gmail, sourceforge), could this be that ssl thing at
> work here? (sorry, I'm quite new to this ssl thing) Is it required for
> the squid proxy server to have --enable-ssl working so that clients
> can open those sites ?
>
> I noticed that manually setting proxy at the browser will enable
> opening of ssl sites, but leaving it with no proxy will cause the page
> to just simply load forever (transparent proxy's side).

https and transparent proxying (or interception proxying) is not possible by
design.

> I'm asking this 'cause I'm having a bit of a trouble producing those
> certificates & keys, gives me some weird error & stuff...

That would be what is called "man-in-the-middle attack" ...

Search the mailing lists archive, you'll find a lot of discussions on this
there.

Regards,

Peter

-- 
Peter Albrecht, Novell Training Services, peter.albrecht@novell.com
Received on Thu May 18 2006 - 07:23:10 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT