sslbump https intercepted or tproxy

sslbump https intercepted or tproxy

Vieri
Hi,

It's unclear to me if I can use TPROXY for HTTPS traffic.

If I divert traffic and use tproxy in the Linux kernel and then set this in squid:

https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem

it seems to be working fine, just as if I were to REDIRECT https traffic and then use this in Squid:

https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem

So, does anyone know if it's not recommended / not supported to use tproxy with https traffic?
I'm asking because I don't see any issues with tproxy, with the added advantage of being able to route on the gateway per source IP addr. (in intercepted mode, the source is always Squid).

Are there any reasons for which one would not use TPROXY with HTTPS?

Vieri
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Re: sslbump https intercepted or tproxy

Amos Jeffries
Administrator
On 20/10/20 4:39 am, Vieri wrote:
> Hi,
>
> It's unclear to me if I can use TPROXY for HTTPS traffic.

You can. It is just an alternative to NAT.


Amos
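The kernel-side rules that pair with each of the two `https_port` lines in the question, as an added example that is not part of the original thread or the Squid project's own code. It assumes IPv4, TLS on destination port 443, and the arbitrary values fwmark 1 and routing table 100; the function name `emit_rules` is hypothetical, and the commands are printed for review rather than applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) the netfilter/routing commands that
# match each Squid https_port mode discussed in the thread.
# Assumptions: IPv4, TLS on dport 443, fwmark 1, routing table 100.

emit_rules() {
    mode=$1
    port=$2
    # Reject an empty or non-numeric port before it reaches a rule.
    case "$port" in
        ''|*[!0-9]*) echo "error: port must be numeric" >&2; return 2 ;;
    esac
    case "$mode" in
        tproxy)
            # Pairs with: https_port $port tproxy ssl-bump ...
            # Packets are delivered to the local socket unmodified, so the
            # original source and destination addresses stay intact.
            cat <<EOF
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port $port
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
EOF
            ;;
        intercept)
            # Pairs with: https_port $port intercept ssl-bump ...
            # NAT rewrites the destination to the proxy's own port.
            cat <<EOF
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports $port
EOF
            ;;
        *) echo "error: mode must be tproxy or intercept" >&2; return 2 ;;
    esac
}

# Port 3130 is the https_port used in the question.
emit_rules tproxy 3130
emit_rules intercept 3130
```

Only one of the two rule sets should be loaded for a given port, matching the mode keyword on the corresponding `https_port` line.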