Re: [squid-users] Re: HTTPS traffic in normal transparent proxy

From: E.S. Rosenberg <esr_at_g.jct.ac.il>
Date: Fri, 2 Nov 2012 12:24:01 +0200

2012/11/2 Markus <m.ferlitsch_at_gmail.com>:
> Ok, I understand but I thought that sslbump realize it so that the encrypted
> data from client will be decrypted and it will be encrypted before sending
> the request to parent proxy (man-in-the-middle).
> This also should word with https, shouldn't?
>
> Can I fix this issue for me? Security is not important, because I only use
> it for the market on my tablet which needs https and no proxy-support.

Well unless you installed the cert you are using for your MITM attack
as a trusted CA on your client device you'll see the warning, that's
kind of the point of SSL.
And with android (and chorme?) & google sites I think you'll see it
even if you install it since they hava a whitelist of CAs for google
domains, this was afaik how the Iranian forged google certs were
discovered (diginotar).

Regards,
Eli
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-traffic-in-normal-transparent-proxy-tp1033647p4657201.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Nov 02 2012 - 10:24:11 MDT

This archive was generated by hypermail 2.2.0 : Fri Nov 02 2012 - 12:00:03 MDT