Re: [squid-users] WCCPv2 and HTTPS problems

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Wed, 07 Nov 2007 13:34:26 -0700

On Wed, 2007-11-07 at 18:21 +0900, Adrian Chadd wrote:

> The browser wraps up the SSL requests in a normal HTTP request ("CONNECT");
> transparently intercepted SSL requests look like SSL and not like HTTP.
> Squid knows about the former but not currently about the latter.

Adrian,

        AFAIK, Squid can handle HTTPS requests in an accelerated environment
setup, using https_port settings. If I configure Cisco to redirect https
traffic to Squid https_port using WCCP, will Squid know how to decrypt
the request?

        If yes, then SslBump should work, in principle, for WCCP/HTTPS
interception. Testing this is on my to-do list, but I wanted to know
whether you foresee any problems with this scheme (other than browser
warnings that SslBump causes). Do you?

Thank you,

Alex.
P.S. In my tests, SslBump already works for intercepting CONNECT
requests.
Received on Wed Nov 07 2007 - 13:34:50 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST