I can't understand the SSL connections interception concept in explicit mode

Roberto Carna
Dear, I can't understand an important concept:

I know that in transparent proxy mode, I have to intercept HTTPS
traffic in order to proxy and filter it.

But I read in the pfSense's Squid help that in explicit mode there is
no need to intercept the HTTPS traffic in order to proxy and filter
it....why is this possible? I think the explicit Squid proxy has to
intercept traffic in order to proxy and eventually filter it....

Please can you explain this concept to me?

Special thanks
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: I can't understand the SSL connections interception concept in explicit mode

Matus UHLAR - fantomas
On 02.02.18 11:42, Roberto Carna wrote:

>Dear, I can't understand an important concept:
>
>I know that in transparent proxy mode, I have to intercept HTTPS
>traffic in order to proxy and filter it.
>
>But I read in the pfSense's Squid help that in explicit mode there is
>no need to intercept the HTTPS traffic in order to proxy and filter
>it....why is this possible? I think the explicit Squid proxy has to
>intercept traffic in order to proxy and eventually filter it....
>
>Please can you explain this concept to me?

explicit mode is where the client explicitly connects to the proxy and asks
it to CONNECT to the server. There's no need to intercept the connection
because the connection is done to the proxy.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/

Re: I can't understand the SSL connections interception concept in explicit mode

Roberto Carna
OK Matus, now I understand....but let me ask one more question:

In explicit mode, is it possible that a given person with Squid
advanced knowledge can see the plain text of the traffic? Because if
this person is the admin of the proxy server, I think there may be a way
to read the plain content of the connection user-remote server.

Thanks a lot again !!!

2018-02-02 12:06 GMT-03:00 Matus UHLAR - fantomas <[hidden email]>:

> On 02.02.18 11:42, Roberto Carna wrote:
>>
>> Dear, I can't understand an important concept:
>>
>> I know that in transparent proxy mode, I have to intercept HTTPS
>> traffic in order to proxy and filter it.
>>
>> But I read in the pfSense's Squid help that in explicit mode there is
>> no need to intercept the HTTPS traffic in order to proxy and filter
>> it....why is this possible? I think the explicit Squid proxy has to
>> intercept traffic in order to proxy and eventually filter it....
>>
>> Please can you explain this concept to me?
>
>
> explicit mode is where the client explicitly connects to the proxy and asks
> it to CONNECT to the server. There's no need to intercept the connection
> because the connection is done to the proxy.

Re: I can't understand the SSL connections interception concept in explicit mode

Alex Crow-2
On 02/02/18 15:12, Roberto Carna wrote:

> OK Matus, now I understand....but let me ask one more question:
>
> In explicit mode, is it possible that a given person with Squid
> advanced knowledge can see the plain text of the traffic? Because if
> this person is the admin of the proxy server, I think there may be a way
> to read the plain content of the connection user-remote server.
>
> Thanks a lot again !!!
>
>
Unless you are using ssl-bump/peek and splice (which will show up a
warning in the browser if squid's CA is not installed in its list of
authorities) the traffic is tunneled through squid still encrypted. You
can't see anything but the domain part of the URL.

If you are bumping, and have installed CAs into browsers, then of
course it's possible for a proxy admin to see the plaintext.

Cheers

Alex
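
Added example, not part of the original thread and not Squid code: a sketch of what an explicit proxy that is not bumping can read from a client's CONNECT tunnel, as described in the replies above. The function names, the host www.example.com and the sample bytes are assumptions constructed for illustration.

```python
# Added illustration; all bytes are constructed sample data, not captured traffic.
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

# Client-to-proxy bytes: the CONNECT request, then the TLS records the client
# sends through the tunnel once the proxy has answered "200".
SAMPLE = (
    b"CONNECT www.example.com:443 HTTP/1.1\r\n"
    b"Host: www.example.com:443\r\n"
    b"User-Agent: demo-client/1.0\r\n\r\n"
    b"\x16\x03\x01\x00\x04" + b"\x01\x00\x00\x00"   # handshake record, stub body
    + b"\x17\x03\x03\x00\x08" + bytes(8)            # application_data, stand-in ciphertext
)

def parse_connect(stream: bytes):
    """Split the client's bytes into the cleartext CONNECT request and the tunnel."""
    head, sep, tunnel = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request header")
    lines = head.decode("ascii").split("\r\n")
    method, target, _version = lines[0].split(" ")
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")   # rpartition keeps "[::1]" intact
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"host": host, "port": int(port), "headers": headers}, tunnel

def tls_records(tunnel: bytes):
    """Read only the 5-byte TLS record headers; record bodies are never parsed."""
    records, i = [], 0
    while i + 5 <= len(tunnel):
        ctype = tunnel[i]
        length = int.from_bytes(tunnel[i + 3:i + 5], "big")
        if ctype not in TLS_TYPES or i + 5 + length > len(tunnel):
            break
        records.append((TLS_TYPES[ctype], length))
        i += 5 + length
    return records

def proxy_view(stream: bytes):
    """What can be logged or filtered on: destination host:port and record sizes."""
    req, tunnel = parse_connect(stream)
    return {"target": f"{req['host']}:{req['port']}",
            "user_agent": req["headers"].get("user-agent"),
            "records": tls_records(tunnel)}
```

The URL path, request headers and response body of the HTTPS exchange travel inside the application_data records, so they do not appear in this view.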