RE: [squid-users] CONNECT method support(for https) using squid3.1.0.6 + tproxy4

From: <joost.deheer_at_getronics.com>
Date: Fri, 10 Apr 2009 08:22:05 +0200

>HTTPS cannot be spoofed, it's part of the security involved with the SSL layer.

Technically, HTTPS -can- be spoofed, using a wildcard trusted certificate for *. I know that BlueCoat supports this kind of interception to be able to scan HTTPS traffic. It's basically a trusted MITM attack.

The main disadvantage IMO is that the check on the client side whether the certificate is valid or not becomes impossible.

Joost
Received on Fri Apr 10 2009 - 06:22:09 MDT
