
Re: Squid in a school - problems with https



martin f krafft said:
>
> is no way that it can decrypt the stream and cache the data -
> unless something here is entirely broken, or i am failing to
> understand the trivial.


i wouldn't want squid to cache https data. all squid has
to do is allow the connection. from what i've heard from
the developers at my company, a proxy that does SSL is just
supposed to allow the data to pass. any interference in
the data (caching etc.) could quite possibly invalidate the
encrypted stream and cause all kinds of problems.

a quick search turned up this:
http://developer.netscape.com/docs/manuals/proxy/adminux/encrypt.htm#1015838
"With SSL, the data stream is encrypted, so the proxy has no access to
the actual transaction. Consequently, the access log cannot list the
status code or the header length received from the remote server. This
also prevents the proxy, or any other third party, from eavesdropping
on the transactions."
while not specific to squid i believe it applies to squid.

you could probably come up with a caching proxy by integrating
the ssl sniffing stuff from dsniff(?). but i wouldn't want my
ssl data cached anywhere.


nate
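
An added illustration, not part of nate's message or the quoted Netscape manual: a minimal Python sketch of what a proxy that tunnels HTTPS via CONNECT can actually observe. The in-memory sockets, the host www.example.com and the random bytes standing in for the encrypted stream are all constructed for the demo.

```python
import os
import select
import socket

def read_connect_target(sock):
    """Read the cleartext CONNECT head byte by byte; return (host, port)."""
    head = b""
    while not head.endswith(b"\r\n\r\n"):
        byte = sock.recv(1)
        if not byte:
            raise ValueError("connection closed before end of request head")
        head += byte
    method, target, _version = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    return host, int(port)

def relay(client, upstream):
    """Copy bytes both ways until one side closes; return (up, down) counts."""
    sent = {client: 0, upstream: 0}
    peer = {client: upstream, upstream: client}
    while True:
        readable, _, _ = select.select([client, upstream], [], [])
        for sock in readable:
            data = sock.recv(4096)
            if not data:
                return sent[client], sent[upstream]
            peer[sock].sendall(data)  # forwarded byte for byte, never parsed
            sent[sock] += len(data)

def demo():
    browser, proxy_in = socket.socketpair()   # browser <-> proxy
    proxy_out, server = socket.socketpair()   # proxy <-> origin server
    request_ct, response_ct = os.urandom(300), os.urandom(1200)  # constructed "ciphertext"
    browser.sendall(b"CONNECT www.example.com:443 HTTP/1.0\r\n\r\n" + request_ct)
    host, port = read_connect_target(proxy_in)
    proxy_in.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n")
    server.sendall(response_ct)
    server.shutdown(socket.SHUT_WR)  # origin server finishes its response
    up, down = relay(proxy_in, proxy_out)
    intact = server.recv(4096) == request_ct  # stream reached the server unmodified
    for s in (browser, proxy_in, proxy_out, server):
        s.close()
    # All the proxy can log: destination and byte counts, no status or headers.
    return {"host": host, "port": port, "up": up, "down": down, "intact": intact}

if __name__ == "__main__":
    print(demo())
```

The only cleartext the proxy handles is the CONNECT line, so its log entry can name the destination and the byte counts but not the status code or headers of the tunnelled transaction.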




