RE: [squid-users] SslBump and bad cert

From: Ming Fu <Ming.Fu_at_watchguard.com>
Date: Wed, 25 May 2011 16:16:54 +0000

> >> It is too late to alter the client certificate. By the time a server
> >> connection is opened Squid may have already served replies out of cache
> >> to the client.
> >
> > I am a bit surprised. Can sslbump make some https content cacheable?
>
> Why surprised? ssl-bump's purpose is to remove the SSL layer on arriving
> traffic.
>
> The data inside is just HTTP and gets handled same as any other.
> Caching, filtering, alterations. Anything goes once the security layer
> is erased.
>

This does make me worried. For a web developer writing an https-only site,
he wouldn't bother with cache control headers the same as when he is developing
an http site. The https itself implies private to sharing. I would expect sslbump
to preserve this privacy in dealing with https traffic.

Ming
Received on Wed May 25 2011 - 16:17:02 MDT
