On 13/05/2013 3:03 a.m., neeraj kharbanda wrote:
> Hi,
> Why don't some sites open when redirected through Squid? Mostly
> secure sites. I'm using SNAT redirection of iptables.

Because SSL is a security protocol designed to prevent interception such
as NAT.

Any site which is *correctly* using SSL/TLS security procedures with
validation at both client and server ends will not work when NAT'ed to a
proxy. Some sites have been doing that for a long time, and as SSL
interception of half-validating sites is growing in popularity so is
the number of sites which are improving their validations.

Also, port 443 is used for approximately 5 different protocols these
days: HTTPS, WebSockets, and several versions of SPDY. Sites using any
of the non-HTTPS protocols will not work well through an HTTP(S)
intercepting Squid.

Amos
Received on Sun May 12 2013 - 23:27:54 MDT