Re: Squid HEAD : intercept SSLBump server first + out of Squid box NAT redirection

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 14 Nov 2012 11:33:31 -0700

On 11/14/2012 11:17 AM, Vincent Miszczak wrote:

> I’d like to know how Squid resolves the remote host when handling an
> intercepted server-first bumped connection, so I’ll be able to set up my
> network accordingly.

Using the destination address of the intercepted TCP connection, Squid
securely connects to the origin server, receives the origin server SSL
certificate, and generates a fake SSL certificate by mimicking origin
server certificate properties. After all of the above, Squid secures the
connection with the client by performing an SSL handshake using the fake
SSL certificate.

Alex.
Received on Wed Nov 14 2012 - 18:33:36 MST
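
How a proxy on Linux can read "the destination address of the intercepted TCP connection", as an added sketch that is not Squid's code and not part of the original message. It assumes netfilter NAT and the `SO_ORIGINAL_DST` socket option; `intercepted_dst` and `loopback_demo` are hypothetical names, and the loopback connection is constructed for the demo.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value from <linux/netfilter_ipv4.h> */
#endif

/* Fill dst with where the client was really connecting to.
 * Returns 1 if the local connection-tracking table answered, 0 if only the
 * socket's own local address is known, -1 on error. When NAT runs on another
 * box there is no local rewrite to undo, so dst is the proxy's own address. */
int intercepted_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 1;
    len = sizeof(*dst);
    return getsockname(fd, (struct sockaddr *)dst, &len) == 0 ? 0 : -1;
}

/* Constructed check: accept one un-NATed loopback connection and return the
 * destination port recovered for it (equals the listening port), or -1. */
int loopback_demo(unsigned short *listen_port)
{
    struct sockaddr_in a = {0}, dst;
    socklen_t alen = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int cs = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (ls < 0 || cs < 0 || bind(ls, (struct sockaddr *)&a, sizeof(a)) ||
        listen(ls, 1) || getsockname(ls, (struct sockaddr *)&a, &alen) ||
        connect(cs, (struct sockaddr *)&a, sizeof(a)))
        return -1;
    int as = accept(ls, NULL, NULL);
    int rc = as < 0 ? -1 : intercepted_dst(as, &dst);
    *listen_port = ntohs(a.sin_port);
    close(as); close(cs); close(ls);
    return rc < 0 ? -1 : ntohs(dst.sin_port);
}

int main(void)
{
    unsigned short port = 0;
    int got = loopback_demo(&port);
    printf("listening on %u, recovered destination port %d\n", port, got);
    return got < 0;
}
```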
